A bug was discovered that could let an attacker with access to a vulnerable Microsoft Azure Kubernetes Service (AKS) cluster escalate privileges and access credentials for the services used by the cluster.
Mandiant researchers said in an Aug. 19 blog post that attackers exploiting the issue could gain access to sensitive information resulting in data theft, financial loss, and reputational damage.
The Mandiant researchers explained that an attacker with command execution in a Kubernetes pod (a group of one or more containers that share storage and network resources) running within an AKS cluster could download the configuration used to provision the cluster, extract the transport layer security (TLS) bootstrap tokens, and perform a “TLS Bootstrap Attack” that could read all the secrets within the cluster.
John Bambenek, president at Bambenek Consulting, explained that a TLS bootstrap attack exploits a flaw in the automated provisioning of TLS client certificates in Kubernetes nodes. An attacker with local access can manipulate the process to ultimately get a certificate with permissions to decrypt secrets of any running service in a cluster provided they have command-line access in any node in the first place, said Bambenek.
“The primary risk is a malicious insider trying to steal secrets to applications they don’t have rights to,” explained Bambenek. “As this vulnerability is in Azure itself, Microsoft needed to issue the fix on its own infrastructure and has done so. The only defense to consider is network policies that restrict access only to required services, which would prevent similar styles of attacks.”
Callie Guenther, senior manager of cyber threat research at Critical Start, said although Microsoft has patched the issue, security teams must immediately audit their AKS configurations, especially if they use "Azure CNI" for network configuration and "Azure" for network policy. Guenther said they should also rotate all Kubernetes secrets, enforce strict pod security policies, and implement robust logging and monitoring to detect any suspicious activities.
“While this vulnerability is serious, requiring prompt action, it's a second-stage attack, meaning it needs prior access to a pod,” said Guenther, who is also a columnist for SC Magazine. “Thus, it should be prioritized accordingly within the broader context of an organization's threat landscape.”
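The attack described above leaves a distinctive trail in the Kubernetes API server audit log: a bootstrap-token identity (`system:bootstrap:<token-id>`, group `system:bootstrappers`) creating a CertificateSigningRequest from an address that is not a node, followed by a node identity (`system:node:<name>`, group `system:nodes`) talking to the API from that same address and bulk-listing secrets, which a real kubelet never does. The script below is an added example of the kind of monitoring Guenther recommends; it is not code from Mandiant, Microsoft, or the original article. The audit event shape is the standard `audit.k8s.io/v1` format, but the event lines, node IPs, node names, token ID and secret name are all constructed for the example, and the set of known node IPs is an assumption you would populate from your own cluster.

```python
import json

# Assumption: the addresses of legitimate nodes. In a real cluster take these from
# the node list (e.g. `kubectl get nodes -o wide`) or the node subnet; these are invented.
KNOWN_NODE_IPS = {"10.240.0.4", "10.240.0.5"}

# Constructed audit events (audit.k8s.io/v1, one JSON object per line). Not real AKS
# logs: every IP, node name, token ID and secret name below is invented for the example.
# a1/a2: a normal node bootstrapping and then fetching one secret it needs.
# a3/a4: a stolen bootstrap token used from a pod IP, then the resulting node
#        certificate used from that pod to list every secret in the cluster.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"ResponseComplete","verb":"create","user":{"username":"system:bootstrap:abcdef","groups":["system:bootstrappers","system:authenticated"]},"sourceIPs":["10.240.0.5"],"objectRef":{"resource":"certificatesigningrequests","name":"node-csr-1"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a2","stage":"ResponseComplete","verb":"get","user":{"username":"system:node:node-b","groups":["system:nodes","system:authenticated"]},"sourceIPs":["10.240.0.5"],"objectRef":{"resource":"secrets","namespace":"default","name":"app-db"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a3","stage":"ResponseComplete","verb":"create","user":{"username":"system:bootstrap:abcdef","groups":["system:bootstrappers","system:authenticated"]},"sourceIPs":["10.244.1.17"],"objectRef":{"resource":"certificatesigningrequests","name":"node-csr-2"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a4","stage":"ResponseComplete","verb":"list","user":{"username":"system:node:node-a","groups":["system:nodes","system:authenticated"]},"sourceIPs":["10.244.1.17"],"objectRef":{"resource":"secrets"},"responseStatus":{"code":200}}
"""


def parse_audit_log(text):
    """Parse newline-delimited JSON audit events, keeping completed API requests only."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in a real log export
        if ev.get("kind") == "Event" and ev.get("stage") == "ResponseComplete":
            events.append(ev)
    return events


def _source_ip(ev):
    ips = ev.get("sourceIPs") or []
    return ips[0] if ips else None


def detect_bootstrap_abuse(events, node_ips):
    """Return findings matching the TLS bootstrap attack pattern.

    Rules (names are this example's own, not a vendor's):
      bootstrap-csr-from-non-node: a system:bootstrappers identity creates a CSR from an
          IP that is not a known node (a pod using a stolen bootstrap token).
      node-identity-from-non-node: a system:node:* identity calls the API from a non-node IP.
      node-lists-secrets: a node identity lists secrets wholesale; kubelets fetch named secrets.
    A node-identity finding whose source IP earlier issued a suspicious CSR is marked
    correlated, which is the strongest signal that a bootstrap certificate is being abused.
    """
    findings = []
    suspicious_csr_ips = set()
    for ev in events:
        user = ev.get("user", {})
        name = user.get("username", "")
        groups = set(user.get("groups", []))
        ref = ev.get("objectRef", {})
        ip = _source_ip(ev)
        off_node = ip is not None and ip not in node_ips

        if (ev.get("verb") == "create"
                and ref.get("resource") == "certificatesigningrequests"
                and "system:bootstrappers" in groups and off_node):
            suspicious_csr_ips.add(ip)
            findings.append({"auditID": ev.get("auditID"), "rule": "bootstrap-csr-from-non-node",
                             "user": name, "sourceIP": ip, "correlated": False})

        if name.startswith("system:node:"):
            correlated = ip in suspicious_csr_ips
            if off_node:
                findings.append({"auditID": ev.get("auditID"), "rule": "node-identity-from-non-node",
                                 "user": name, "sourceIP": ip, "correlated": correlated})
            if ref.get("resource") == "secrets" and ev.get("verb") == "list" and not ref.get("name"):
                findings.append({"auditID": ev.get("auditID"), "rule": "node-lists-secrets",
                                 "user": name, "sourceIP": ip, "correlated": correlated})
    return findings


if __name__ == "__main__":
    for f in detect_bootstrap_abuse(parse_audit_log(SAMPLE_AUDIT_LOG), KNOWN_NODE_IPS):
        print(f)
```

On the constructed sample the two legitimate events (a1, a2) produce nothing, the CSR from the pod address (a3) fires the first rule, and the secret listing from that same address (a4) fires the other two rules as correlated findings. The source-IP correlation is the part worth keeping when you adapt this to a SIEM: a CSR from the pod network is the earliest point at which the bootstrap token theft is visible, before any secret has been read.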
Guy Rosenthal, vice president of product at DoControl, said what makes this issue particularly concerning is that an attacker doesn't need root access or special network privileges to exploit it. Rosenthal said they just need to compromise a single pod in the cluster. From there, they can potentially access sensitive information across the entire cluster, including credentials for various services.
“It's like giving someone the keys to the kingdom just because they managed to sneak into the courtyard,” said Rosenthal. “While Microsoft has patched this specific issue, it highlights a broader challenge in cloud security. As we build more complex, interconnected systems, we're also creating new attack surfaces that might not be immediately obvious. It's not enough to just secure the front door — we need to think about every possible entry point, even the ones we didn't know existed.”