F-Secure vulnerability research: SaltStack
April 2020 by F-Secure
F-Secure has just released new research on critical vulnerabilities it discovered in the popular ‘Salt’ remote task and configuration framework. These vulnerabilities potentially allow attackers to bypass authentication and authorization settings and take control of thousands of servers in the cloud.
By exploiting these vulnerabilities, an attacker could execute code remotely with root privileges on the master, the central repository. For this reason, the vulnerabilities have been awarded the highest severity rating possible in the ‘Common Vulnerability Scoring System’.
Salt is open-source software used in infrastructure, network, and security automation solutions from a company called SaltStack, and is a popular tool for maintaining data centres and cloud environments. Salt frameworks consist of a “master” server, which acts as a central repository and controls any number of “minion” agents that carry out tasks and collect data for the system.
The researchers also discovered 6000 Salt masters (each one controlling anything from zero to hundreds of minions) openly discoverable on the internet. If found, these can be exploited by bad actors to take control of the server with admin privileges. From there, they can do anything from cryptomining to installing backdoors into systems and carrying out ransomware attacks.