Docker security

Docker registry: Dictionary attack

To restrict access to your Docker registry, you can set up an authentication mechanism: a proxy in front of the registry, delegated authentication that redirects users to a specific trusted token server, or simple HTTP Basic Authentication. HTTP Basic Authentication is a simple authentication scheme built into the HTTP protocol, with the credentials carried in the request headers.

A simple attack that a user can try against authentication systems is the dictionary attack. A dictionary attack is a systematic method of guessing a user name or a password by trying many common words and their simple variations.
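Seen from the registry operator's side, this kind of guessing leaves a burst of 401 responses from a single client in the access log. The detector below is an added example, not part of the original page. It assumes an nginx-style combined access log written by a proxy in front of the registry, where the third field holds the Basic auth user name the client sent; the sample lines, addresses, threshold and window are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one normal login with a single typo, then a burst of failures.
SAMPLE_LOG = [
    '198.51.100.20 - - [12/Mar/2024:10:00:01 +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "docker/24.0"',
    '198.51.100.20 - alice [12/Mar/2024:10:00:02 +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "docker/24.0"',
    '198.51.100.20 - alice [12/Mar/2024:10:00:09 +0000] "GET /v2/ HTTP/1.1" 200 2 "-" "docker/24.0"',
] + [
    f'203.0.113.7 - admin [12/Mar/2024:10:01:{s:02d} +0000] "GET /v2/ HTTP/1.1" 401 87 "-" "-"'
    for s in range(0, 12, 2)
]

def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: sorted user names tried} for clients that received at least
    `threshold` 401 responses to credentialed /v2/ requests within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> user names seen on failed requests
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "401" or not m["path"].startswith("/v2/"):
            continue
        # User "-" means no credentials were sent: the client's first request,
        # which the registry answers with the 401 challenge. Not a guess.
        if m["user"] == "-":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        users[m["ip"]].add(m["user"])
        if len(q) >= threshold:
            flagged[m["ip"]] = sorted(users[m["ip"]])
    return flagged

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

Flagged addresses are candidates for rate limiting or temporary blocking at the proxy; the threshold and window need tuning against the registry's normal CI and developer traffic.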

In the following video, an attacker performs a dictionary attack to gain access to a Docker registry protected by HTTP Basic Authentication.