Azure Container Registries With Admin User
Risk Level: High
Description
This plugin checks that the admin user is not enabled on container registries. Every Azure Container Registry has an admin user account that is designed for testing. It should be disabled by default to avoid sharing confidential admin credentials.
About the Service
Container Registries: Azure Container Registry is a Microsoft-owned hosting platform for Docker images. It is a repository used to build, store and manage container images securely and efficiently. Container images help users scale out applications quickly and ship applications from one system to another.
Impact
If the admin user is enabled, other employees will be able to run docker login against the container registries using the generated passwords. Sharing these passwords can give unauthorized access to bad actors once they get hold of the auto-generated passwords.
Steps to Reproduce
- Log in to the Azure portal.
- In services, select Container Registries.
- The Container registries service will open. Select the registry you want to check.
- In the navigation section, under Settings, click on Access keys.
- If the Admin User button is set to Enabled, follow the Steps for Remediation.
- Repeat the process for the rest of the registries.
Steps for Remediation
- Log in to the Azure portal.
- In services, select Container Registries.
- The Container registries service will open. Select the registry on which you want to fix the finding.
- In the navigation section, under Settings, click on Access keys.
- Click on the switch button in front of the Admin User option to disable the admin user.
- Repeat this process for the rest of the registries.
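The same check and remediation can be run across every registry in a subscription with the Azure CLI instead of the portal. The script below is an added example, not PingSafe's code; it assumes the Azure CLI is installed and signed in with az login, and the function and file names are illustrative.

```shell
#!/bin/sh
# Added example. Assumes Azure CLI is installed and `az login` has been run.

# Print "name<TAB>resourceGroup" for each registry in the current
# subscription whose admin user is enabled.
list_admin_enabled() {
  az acr list \
    --query "[?adminUserEnabled].[name, resourceGroup]" \
    --output tsv
}

# Disable the admin user on one registry: $1 = name, $2 = resource group.
# stdin is redirected so az cannot consume the caller's read loop input.
disable_admin() {
  az acr update --name "$1" --resource-group "$2" \
    --admin-enabled false --output none </dev/null
}

# Report every finding; with "--fix" also remediate each one.
# Exit status: 0 = no admin user left enabled, 1 = findings remain,
# 2 = the registry list could not be retrieved.
audit_registries() {
  mode="${1:-}"
  remaining=0
  tab=$(printf '\t')
  list=$(list_admin_enabled) || return 2
  while IFS="$tab" read -r name rg; do
    [ -n "$name" ] || continue
    echo "FINDING: admin user enabled on $name ($rg)"
    if [ "$mode" = "--fix" ] && disable_admin "$name" "$rg"; then
      echo "FIXED: $name"
    else
      remaining=$((remaining + 1))
    fi
  done <<EOF
$list
EOF
  [ "$remaining" -eq 0 ]
}

# Run as: sh acr-admin-audit.sh audit   (report only)
#     or: sh acr-admin-audit.sh fix     (report and disable)
case "${1:-}" in
  audit) audit_registries ;;
  fix)   audit_registries --fix ;;
esac
```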
Please feel free to reach out to support@pingsafe.com with any questions that you may have.
Thanks
PingSafe Support