Metasploit: Rancher Server Docker Exploit

on Oct 9, 2017

We would like to quickly explain and address the recent Metasploit module, which was created to exploit Rancher servers and Docker hosts. This is not a security issue because it only works in the following two scenarios:

1. Your Rancher server does not have authentication enabled

While Rancher does not require you to enable authentication, you should always enable it if you are deploying Rancher in an untrusted environment (e.g., publicly exposed to the internet). Instructions can be found here. Rancher currently supports GitHub, SAML, LDAP/AD, Azure AD, OpenLDAP, and local authentication using our database.

2. Your API keys have been compromised

This is no different from having your username and password compromised, so please make sure your API keys are stored securely. Rancher provides you an option to disable and recreate any API keys that have been compromised.

In Rancher 2.0, we will be further enhancing security by requiring authentication to be enabled by default. Access to host bind mounts (the capability exploited here) will be a privileged operation that requires users to be explicitly granted access. Stay tuned for more information!
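Host bind mounts are what turn access to a container scheduler into access to the Docker host, so it is worth auditing what is already mounted on your hosts while you wait for Rancher 2.0's privilege model. The following is an added example, not Rancher's own code: a small Python check that walks `docker inspect`-style output and flags bind mounts that expose sensitive host paths. The list of sensitive paths is an assumption you should tune to your own policy, and the sample input is constructed rather than captured from a real host.

```python
"""Flag containers whose bind mounts expose sensitive host paths.

Added example (not Rancher's code). It reads the `Mounts` section of
`docker inspect`-style JSON and reports bind mounts that give a container
access to sensitive host locations. The sample below is constructed.
"""
import json
from pathlib import PurePosixPath

# Host paths a workload should normally never bind-mount. This is a starting
# point for your own policy (an assumption, not a Rancher rule).
SENSITIVE_HOST_PATHS = [
    "/",
    "/etc",
    "/root",
    "/var/run/docker.sock",
    "/var/lib/docker",
    "/proc",
    "/sys",
]


def _under(path: str, root: str) -> bool:
    """True if `path` equals `root` or lies beneath it.

    "/" is matched only exactly, otherwise every absolute path would match.
    """
    p, r = PurePosixPath(path), PurePosixPath(root)
    if r == PurePosixPath("/"):
        return p == r
    return p == r or r in p.parents


def risky_mounts(container: dict) -> list:
    """Return one finding per bind mount of `container` that touches a sensitive host path."""
    findings = []
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # named volumes and tmpfs are not host-path exposures
        src = m.get("Source", "")
        for root in SENSITIVE_HOST_PATHS:
            if _under(src, root):
                findings.append({
                    "container": container.get("Name", "?"),
                    "source": src,
                    "destination": m.get("Destination", "?"),
                    "rw": bool(m.get("RW", True)),
                    "matched": root,
                })
                break  # report the first matching rule only
    return findings


def scan(inspect_json: str) -> list:
    """Scan a JSON array of containers (the shape `docker inspect` prints)."""
    findings = []
    for container in json.loads(inspect_json):
        findings.extend(risky_mounts(container))
    return findings


# Constructed sample resembling `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/web", "Mounts": [
        # A named volume under /var/lib/docker is Docker-managed, not a host exposure.
        {"Type": "volume", "Name": "webdata",
         "Source": "/var/lib/docker/volumes/webdata/_data",
         "Destination": "/data", "RW": True},
    ]},
    {"Name": "/escape", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True},
    ]},
    {"Name": "/logs", "Mounts": [
        {"Type": "bind", "Source": "/var/log/app", "Destination": "/logs", "RW": False},
    ]},
])

if __name__ == "__main__":
    for f in scan(SAMPLE):
        mode = "rw" if f["rw"] else "ro"
        print(f"{f['container']}: {f['source']} -> {f['destination']} ({mode}), matches {f['matched']}")
```

Run it against real output with `docker inspect $(docker ps -q)` piped into `scan()`; only the `/escape` container in the sample is reported, because the named volume is skipped on its `Type` and `/var/log/app` matches none of the listed roots.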


Will is a co-founder and Vice President of Engineering at Rancher Labs. Prior to Rancher, Will was Director of Engineering for the CloudPlatforms group at Citrix System after their acquisition of Cloud.com, where he held a similar position and was one of the original founding engineers. Will has over 15 years of experience of building massively scalable software for large enterprises and telcos and has held lead engineering positions at SEVEN Networks, Openwave Systems, and Cambridge Technology Partners. Will has a B.S (EECS) from the University of California, Berkeley.
