Over 900,000 Kubernetes Found Exposed On The Internet

Cyble researchers have uncovered 900,000 badly configured Kubernetes servers that are exposed and vulnerable on the internet. Sixty-five per cent (585,000) of these servers are located in the United States, 14 per cent in China, nine per cent in Germany, and six per cent each in the Netherlands and Ireland.

Among the exposed servers, the most exposed TCP ports were “443” with just over a million instances, “10250” with 231,200, and “6443” with 84,400 results.

The researchers clarified that not all the exposed servers can be exploited by attackers. The risk varies depending on the individual configuration.

The researchers evaluated the error codes returned by the Kubelet API to unauthenticated requests to assess how many of the exposed instances may be at significant risk.

Most of the exposed server instances return the error code 403, which means that the unauthenticated request is forbidden and cannot be traversed, so attacks against them cannot occur.
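The following Python example, added here and not taken from Cyble's research, applies the same status-code reasoning to an operator's own audit results. The input format, the addresses and the readings of 200 and 401 are assumptions of this example: a kubelet answers 401 when anonymous authentication is disabled, 403 when the anonymous user is denied by authorization, and 200 when anonymous requests are allowed.

```python
from collections import Counter

# Constructed audit output: "<node> <port> <status>" for an unauthenticated
# GET to the kubelet /pods endpoint on nodes you operate (RFC 5737 addresses).
SAMPLE = """\
198.51.100.10 10250 403
198.51.100.11 10250 401
198.51.100.12 10250 200
198.51.100.13 10250 timeout
198.51.100.14 6443 403
"""

KUBELET_PORT = 10250
# status -> (severity, what it says about the kubelet's auth settings)
KUBELET_FINDINGS = {
    200: ("critical", "anonymous request served: set authentication.anonymous.enabled=false "
                      "and authorization.mode=Webhook in the kubelet config"),
    401: ("ok", "anonymous auth disabled, credentials required"),
    403: ("ok", "anonymous user denied by authorization; port is still reachable"),
}
RANK = {"ok": 0, "review": 1, "critical": 2}


def classify(port: int, status: str) -> tuple[str, str]:
    """Map one observation to (severity, note)."""
    if port != KUBELET_PORT:
        return "review", f"port {port} is not the kubelet API; assess separately"
    if not status.isdigit():
        return "review", f"no HTTP status ({status}); re-test"
    return KUBELET_FINDINGS.get(int(status), ("review", f"unexpected status {status}"))


def triage(report: str) -> dict[str, tuple[str, str]]:
    """Keep the worst finding per node from a whitespace-separated report."""
    worst: dict[str, tuple[str, str]] = {}
    for line in report.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        node, finding = parts[0], classify(int(parts[1]), parts[2])
        if node not in worst or RANK[finding[0]] > RANK[worst[node][0]]:
            worst[node] = finding
    return worst


def summary(report: str) -> Counter:
    """Count nodes per severity."""
    return Counter(sev for sev, _ in triage(report).values())
```

Nodes reported as "ok" still have the kubelet port reachable from outside, so restricting access to port 10250 at the network layer remains worthwhile.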

“The stats provided in the Kubernetes blog that is published from our end is on the basis of Open-source scanners and the Queries available for the product. As mentioned in the blog, we have searched on the basis of queries “Kubernetes,” “Kubernetes-master,” “KubernetesDashboard,” “K8” and favicon hashes along with status codes 200, 403 & 401,” Cyble explained.

IT World Canada Staff