forked from kubescape/regolibrary
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Applicationscredentialsinconfigurationfiles.json
21 lines (21 loc) · 1.29 KB
/
Applicationscredentialsinconfigurationfiles.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
{
"name": "Applications credentials in configuration files",
"attributes": {
"armoBuiltin": true,
"microsoftMitreColumns": [
"Credential access",
"Lateral Movement"
]
},
"description": "Attackers who have access to configuration files can steal the stored secrets and use them. This control checks if ConfigMaps or pod specifications have sensitive information in their configuration.",
"remediation": "Use Kubernetes secrets or Key Management Systems to store credentials.",
"rulesNames": [
"rule-credentials-in-env-var",
"rule-credentials-configmap"
],
"id": "C-0012",
"long_description": "Developers store secrets in the Kubernetes configuration files, such as environment variables in the pod configuration. Such behavior is commonly seen in clusters that are monitored by Azure Security Center. Attackers who have access to those configurations, by querying the API server or by accessing those files on the developer\u2019s endpoint, can steal the stored secrets and use them.",
"test": "Check if the pod has sensitive information in environment variables, by using list of known sensitive key names. Check if there are configmaps with sensitive information.",
"controlID": "C-0012",
"baseScore": 8.0
}