Docker host attacks: Insecure administrative tools
Multiple administrative tools are available to help developers and operations teams manage Docker hosts and swarms. Such tools require high privileges to perform various operations (e.g. starting a container with special capabilities, attaching to any container, etc.). However, if they are not well protected, they can lead to compromise.
In the following video, an attacker uses a brute-force attack to recover administrator credentials on an instance of Portainer (a web tool facilitating Docker container management) and finally retrieves files from the server's root file system by creating a privileged container.
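From the defender's side, the end state of that scenario (a privileged container with access to host files) is visible in container configuration. The following is an added example, not part of the original page or of Portainer: it audits records in the shape of `docker inspect` output for privileged mode, sensitive host bind mounts and risky added capabilities. The sample records, the function names and the lists of sensitive paths and capabilities are assumptions chosen for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",   "HostConfig": {"Privileged": false, "Binds": ["/srv/app/data:/data:ro"], "CapAdd": null}},
  {"Name": "/maint", "HostConfig": {"Privileged": true,  "Binds": ["/:/host"], "CapAdd": null}},
  {"Name": "/agent", "HostConfig": {"Privileged": false, "Binds": ["/var/run/docker.sock:/var/run/docker.sock"], "CapAdd": ["SYS_ADMIN"]}}
]
""")

# Assumed policy lists for this example; adjust to the environment being audited.
SENSITIVE_SOURCES = {"/", "/etc", "/root", "/var/run/docker.sock", "/run/docker.sock"}
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE"}

def audit_container(container):
    """Return a list of findings for one `docker inspect` record."""
    host_cfg = container.get("HostConfig") or {}
    findings = []
    if host_cfg.get("Privileged"):
        findings.append("privileged")
    # Binds and CapAdd are null (None) when unset, hence the `or []`.
    for bind in host_cfg.get("Binds") or []:
        source = bind.split(":", 1)[0]
        normalized = source.rstrip("/") or "/"  # "/" and "//" both mean host root
        if normalized in SENSITIVE_SOURCES:
            findings.append(f"host-mount:{normalized}")
    for cap in host_cfg.get("CapAdd") or []:
        cap_name = cap.upper()
        if cap_name.startswith("CAP_"):
            cap_name = cap_name[4:]
        if cap_name in RISKY_CAPS:
            findings.append(f"cap:{cap_name}")
    return findings

def audit(containers):
    """Map container name -> findings, omitting containers with no findings."""
    report = {}
    for container in containers:
        findings = audit_container(container)
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

On a real host, the same functions can be run over the JSON produced by `docker inspect $(docker ps -q)` in place of the constructed sample.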