CLOUD-IAC-TFSTATE-EXPOSURE
Cloud · IaC · Terraform state file (terraform.tfstate)
Résumé
Exposed Terraform state is an Infrastructure-as-Code hygiene failure class in which the terraform.tfstate file leaks credentials because Terraform records every managed resource attribute, including secrets, in cleartext JSON by default. HashiCorp documents that Terraform stores state in a plaintext file that includes any secret values defined in the configuration, so database passwords, IAM access keys, TLS private keys, and API tokens are written verbatim into state. The exposure paths are concrete and repeatedly observed: state committed to a public or private git repository without a .gitignore rule, state left in a world-readable or misconfigured S3 bucket, state captured in CI/CD logs, or state held in a remote backend that lacks encryption at rest and access controls. Numerous terraform.tfstate files have been found in public GitHub repositories and open S3 buckets, and because the file is effectively a master key to the infrastructure, an attacker who reads it obtains working credentials and bypasses the perimeter entirely without exploiting any vulnerability.
Comment l’éviter dans votre code
- Add *.tfstate and *.tfstate.backup to .gitignore and never commit state to any repo.
- Store state in an encrypted remote backend (S3 with SSE-KMS, or HCP Terraform) with state locking.
- Apply Block Public Access and least-privilege IAM policies to the state backend bucket.
- Keep secrets out of state by sourcing them from a vault and marking variables sensitive.
- Scan repos and IaC with secret scanners and tfsec/Checkov in CI to catch committed state.
Références
Vulnérabilités liées
Tout Infra →- HIGHCLOUD-ENVFILE-EXTORTION-2024
On August 15, 2024, Palo Alto Networks Unit 42 detailed a large-scale extortion campaign that compromised cloud environments by harvesting exposed environment variable files. Attackers scanned at least 110,000 domains and collected over 90,000 unique variables, including roughly 7,000 cloud service credentials and 1,515 social media credentials, with their infrastructure probing around 230 million targets. The vector was a web server misconfiguration: .env files inside the web root were served as plaintext over HTTP because the servers had no rule denying access to dotfiles, exposing the long-lived AWS IAM access keys hardcoded inside. The initial IAM principals lacked full admin but retained permission to create roles and users, so attackers called CreateRole and attached AdministratorAccess to escalate, then spun up Lambda functions across regions to automate further internet-wide scanning. They used the victims' own AWS accounts to exfiltrate and delete S3 objects, then uploaded ransom notes demanding payment. The failure chain combined exposed dotfiles, long-lived hardcoded credentials, and over-permissioned IAM, not any cloud-provider flaw.
- HIGHINFRA-TESLA-K8S-2018
Tesla's Kubernetes administrative console was exposed to the internet without password protection, allowing attackers to access it and discover Tesla's AWS access credentials stored within. The attackers used the environment to run cryptomining software inside Tesla's AWS, employing evasion techniques such as hiding the mining pool behind CloudFlare, using a non-standard mining endpoint, and throttling CPU usage to avoid detection. It was discovered by the RedLock Cloud Security Intelligence team, later part of Palo Alto Networks Prisma Cloud, and Tesla remediated within hours stating no customer or vehicle data was compromised.
- CRITICALK8S-INGRESSNIGHTMARE-2025
IngressNightmare was a chain of five vulnerabilities in the Ingress-NGINX Controller for Kubernetes disclosed on 24 March 2025 by the Wiz Research team, the most severe being CVE-2025-1974 (CVSS 9.8), which enabled unauthenticated remote code execution from the pod network. Wiz estimated about 43% of cloud environments were vulnerable and identified over 6,500 publicly exposed clusters, including Fortune 500 organizations. The controller's validating admission webhook ran as an unauthenticated HTTP endpoint reachable by any workload on the pod network, accepting attacker-supplied AdmissionReview requests containing crafted Ingress objects. The supporting CVEs (CVE-2025-24514 auth-url, CVE-2025-1097 auth-tls-match-cn, CVE-2025-1098 mirror UID, CVE-2025-24513 path bypass) injected unsanitized NGINX configuration directives via annotations into a temporary config the controller validated with nginx -t. The attacker uploaded a shared-library payload by abusing NGINX client-body buffering (an oversized Content-Length keeps the request file descriptor open in ProcFS) and then used the injected ssl_engine directive to load that library during validation, achieving code execution in the controller pod whose service account could read all cluster secrets across namespaces, enabling full cluster takeover.
- CRITICALCLOUD-BUCKET-MONOPOLY-2024
In research disclosed to AWS on February 16, 2024 and presented at Black Hat USA and DEF CON 32 in August 2024, Aqua Security's Nautilus team described a class of S3 bucket-name takeover attacks they called Bucket Monopoly, affecting CloudFormation, Glue, EMR, SageMaker, Service Catalog, and CodeStar. These services auto-created S3 buckets with predictable names built from static prefixes plus the account ID and region, such as cf-templates-{hash}-{region}, aws-glue-assets-{account-id}-{region}, and sagemaker-{region}-{account-id}, where account IDs are discoverable from ARNs, access keys, and public repos. Because S3 bucket names are globally unique, an attacker could pre-create a victim's predictably named bucket in a region the victim had not yet used (a Shadow Resource), then the victim's service would later read attacker-controlled content from it. This enabled data tampering, information disclosure, remote code execution by injecting malicious Glue or CloudFormation content, and in some cases full account takeover via planted admin roles; AWS remediated by adding randomized suffixes to bucket names and enforcing aws:ResourceAccount conditions. The class also covers reuse of abandoned or dangling bucket names that a victim configuration still references.
- HIGHCVE-2024-6387
A signal-handler race condition in OpenSSH's server (sshd) on glibc-based Linux. If a client fails to authenticate within the LoginGraceTime window, the SIGALRM handler calls async-signal-unsafe functions, which an attacker can interrupt at a precise moment to corrupt the heap and achieve unauthenticated remote code execution as root. It is a regression of the 2006 CVE-2006-5051, reintroduced in OpenSSH 8.5p1. Exploitation is non-trivial, requiring thousands of race attempts, but Qualys reported roughly 4.8 million internet-exposed instances as potentially affected.
- CRITICALCONTAINER-EXPOSED-DOCKER-API
Exposed Docker API is a recurring misconfiguration class in which the Docker remote API (default TCP 2375 plaintext, 2376 TLS) is published to untrusted networks without TLS or authentication, granting anyone who reaches it full control of the daemon. Because dockerd runs as root and the unauthenticated API permits arbitrary container creation, an attacker can launch a privileged container that bind-mounts the host root filesystem and then chroots into it to escape to the host. The Commando Cat campaign, reported in 2024 by Cado Security and analyzed by Trend Micro (advisory dated 13 June 2024), abused exactly this exposure: it deployed a benign image (cmd.cat/chattr) generated by the open-source Commando project, then used chroot and volume binding of the host's root directory into the container to break out and run host-level payloads. The delivered payloads installed cryptocurrency miners, registered persistence and a stealthy backdoor (including DropBear SSH on TCP 3022), and exfiltrated host and cloud-service-provider credentials. Shell-script and command-and-control infrastructure overlapped with the TeamTNT cryptojacking group.