Tens of thousands of Docker Hub container images contain sensitive data such as private keys and API secrets for software and online platforms. Exposed this way, the data creates a large attack surface, researchers from RWTH Aachen University in Germany found.
In their examination of 337,171 Docker Hub container images, the researchers found that about 8.5 percent contained sensitive data such as private keys and API secrets. In total, this involved 52,107 valid private keys and 3,158 distinct API secrets spread over 28,621 images.
Most of the private keys found are in active use. The exposed API secrets mainly belonged to cloud providers such as AWS, but also to financial services such as Stripe.
Further security issues
Most of the exposed data, 95 percent of the private keys and 90 percent of the API secrets, was found in single-user images. According to the study, this makes it very plausible that the secrets were leaked unintentionally.
To make matters worse, the researchers also identified 22,082 certificates that rely on the discovered private keys and are therefore compromised.
The researchers conclude that sensitive data stored in Docker Hub images thus opens up a large attack surface. The results also indicate that developers build and publish container images without much thought, and without first scanning them for secrets.
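The kind of pre-publish check the article says is missing, as an added example that is not the researchers' tooling or anything from the study: a scanner that walks every layer of a saved image and flags the two secret classes the study reports, PEM private keys and AWS access key IDs. It assumes the classic `docker save` archive layout (a `manifest.json` plus one `layer.tar` per layer); the two-layer sample image it builds is constructed here, the PEM body is junk and the key ID is AWS's own documentation example. The sample also shows why layers, not the flattened filesystem, must be scanned: layer 2 "deletes" the key with an overlay whiteout marker, yet the key is still present in layer 1.

```python
import io
import re
import tarfile

# Signatures for the two secret classes in the study. AKIA + 16 uppercase
# alphanumerics is the documented AWS access key ID shape; the PEM header
# covers PKCS#1 ("RSA PRIVATE KEY"), PKCS#8 and OpenSSH keys.
PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}
MAX_FILE_BYTES = 1 << 20  # skip big binaries; leaked secrets live in small text files


def _tar_bytes(files):
    """Build an uncompressed tar archive from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed two-layer image in the classic `docker save` layout.
    Layer 1 copies an SSH key and a .env file; layer 2 removes the key
    with an overlay whiteout (.wh.<name>), which hides it from the running
    container but leaves the bytes in layer 1. All secrets are fake:
    the PEM body is junk, the key ID is AWS's documentation example."""
    layer1 = _tar_bytes({
        "app/server.py": b"print('hello')\n",
        "root/.ssh/id_rsa": (b"-----BEGIN RSA PRIVATE KEY-----\n"
                             b"MIIEfakebodyNOTAREALKEY\n"
                             b"-----END RSA PRIVATE KEY-----\n"),
        "app/.env": (b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                     b"AWS_SECRET_ACCESS_KEY=redacted\n"),
    })
    layer2 = _tar_bytes({
        "root/.ssh/.wh.id_rsa": b"",  # whiteout marker: hides the key, does not erase it
        "app/server.py": b"print('hello v2')\n",
    })
    return _tar_bytes({
        "manifest.json": b'[{"Layers":["l1/layer.tar","l2/layer.tar"]}]',
        "l1/layer.tar": layer1,
        "l2/layer.tar": layer2,
    })


def scan_layer(layer_name, layer_bytes):
    """Return one finding per (file, secret class) hit inside a single layer tar."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_FILE_BYTES:
                continue
            data = tar.extractfile(member).read()
            for kind, pattern in PATTERNS.items():
                if pattern.search(data):
                    findings.append({"layer": layer_name, "path": member.name, "kind": kind})
    return findings


def scan_image(image_bytes):
    """Scan every layer tar inside a `docker save` archive, independently of
    later layers, so secrets deleted in a subsequent Dockerfile step are still found."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as outer:
        for member in outer:
            if not member.isfile():
                continue
            blob = outer.extractfile(member).read()
            try:
                findings.extend(scan_layer(member.name, blob))
            except tarfile.ReadError:
                continue  # manifest.json, image config JSON and other non-layer members
    return findings


if __name__ == "__main__":
    for hit in scan_image(build_sample_image()):
        print(f"{hit['layer']}: {hit['path']} -> {hit['kind']}")
```

Against a real image, run `docker save image:tag -o image.tar` and pass the file's bytes to `scan_image`. Both hits in the sample come from `l1/layer.tar`: the whiteout in layer 2 removes the key from the container's view but not from the published image, which is exactly the case where a developer believes a secret was cleaned up and it was not.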