Researchers from RWTH Aachen University in Germany recently published a study in which they found that tens of thousands of container images hosted on Docker Hub contain confidential data, such as private keys and API secrets. This poses a significant threat to software security, online platforms, and end users.
Docker Hub serves as a cloud repository for the Docker community, providing developers with a platform to store, share, and distribute images. These images serve as templates for creating containers and include all the necessary software code, execution environment, libraries, environment variables, and configuration files for easy deployment of applications in Docker.
The German researchers analyzed a total of 337,171 Docker Hub images and thousands of private repositories. They discovered that approximately 8.5% of these images contained sensitive data, including private keys and API secrets.
What’s even more concerning is that many of these exposed keys were actively being used, putting at risk whatever relies on them, including hundreds of certificates.
The study compiled a massive dataset from 1,647,300 Docker images, using the latest version of the images from each repository. Using regular expressions to search for specific secrets, the researchers uncovered 52,107 actual private keys and 3,158 different API secrets exposed across 28,621 images.
These figures were confirmed by the researchers after excluding test keys, API secret examples, and invalid matches.
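To check your own image before pushing it, the same two stages (regex match, then filtering of invalid and example matches) can be run over each layer tarball. The sketch below is an added example, not the researchers' tooling; the path hints, the DER/OpenSSH sanity check and the constructed sample layer are assumptions made for illustration.

```python
import base64, io, re, tarfile

# PEM private-key block: header, base64 body, matching footer.
PEM_RE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |OPENSSH )?PRIVATE KEY)-----\s+"
    rb"([A-Za-z0-9+/=\s]+?)-----END \1-----")
# Assumption: path fragments that usually mark docs or test fixtures.
EXAMPLE_HINTS = ("test", "example", "sample", "/doc/")

def looks_valid(label: bytes, body: bytes) -> bool:
    """Reject regex hits whose body is not plausible key material."""
    try:
        raw = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if label == b"OPENSSH PRIVATE KEY":
        return raw.startswith(b"openssh-key-v1\x00")
    return len(raw) > 16 and raw[0] == 0x30  # PKCS#1/PKCS#8/SEC1: DER SEQUENCE

def scan_layer(layer_tar: bytes):
    """Return (path, key_type, verdict) for every PEM hit in one layer tarball."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_tar)) as tar:
        for member in tar:
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            for m in PEM_RE.finditer(data):
                if not looks_valid(m.group(1), m.group(2)):
                    verdict = "invalid"
                elif any(h in member.name.lower() for h in EXAMPLE_HINTS):
                    verdict = "example"
                else:
                    verdict = "leak"
                findings.append((member.name, m.group(1).decode(), verdict))
    return findings

def build_sample_layer() -> bytes:
    """Constructed layer holding DER-shaped filler, not real keys."""
    fake = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(60))
    pem = lambda body: (b"-----BEGIN RSA PRIVATE KEY-----\n" + body +
                        b"\n-----END RSA PRIVATE KEY-----\n")
    files = {"app/id_rsa": pem(fake), "usr/share/doc/example.pem": pem(fake),
             "app/README": pem(b"REPLACEME")}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Run `scan_layer` on every layer of an image, not only the final filesystem, because a file deleted in a later layer is still present in the earlier one.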
The majority of the exposed secrets, 95% of private keys and 90% of API secrets, were found in images belonging to individual users. This suggests that the leaks were most likely due to negligence.