Monday, November 9, 2020

Thousands of SonarQube Instances Publicly Exposed


The FBI recently released an alert that hackers are targeting SonarQube, a platform that scans source code for bugs and vulnerabilities. Specifically, they are going after insecure default installations that were never locked down and still accept the default username and password of admin/admin.


A Shodan search reveals several thousand public-facing SonarQube instances, most of them hosted on Amazon Web Services or Microsoft Azure.

The FBI recommends changing the default credentials and moving the service off its default port (9000). Keep in mind that a port change is only obscurity; a scanner that probes other ports will still fingerprint the login page, so it is no substitute for an access restriction. An additional recommendation I would make is to restrict SonarQube access to only authorized IP address ranges, or better yet, don't make SonarQube publicly facing at all.
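As an added example (not part of the original post, and not FBI or SonarSource tooling), here is a small Python audit script for checking your own SonarQube instances for the admin/admin default. It assumes the SonarQube web API endpoints /api/authentication/validate (which answers {"valid": true} when the supplied Basic-auth credentials are accepted) and /api/users/change_password; the hostnames in the __main__ section are constructed placeholders, and the fetch parameter exists so the logic can be exercised offline with a stub.

```python
"""Audit your own SonarQube instances for the admin/admin default login.

Added example for this post, not FBI or SonarSource tooling. Assumes the
SonarQube web API endpoints /api/authentication/validate and
/api/users/change_password; the hostnames under __main__ are constructed.
Only run this against instances you are authorised to test.
"""
import base64
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_PORT = 9000            # SonarQube's default listening port
DEFAULT_CREDS = ("admin", "admin")


def basic_auth_header(user, password):
    """HTTP Basic Authorization header for user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def http_get(url, headers, timeout=5):
    """Real network fetch; tests pass a stub with the same signature."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a status
        return err.code, err.read().decode(errors="replace")


def accepts_default_creds(base_url, fetch=http_get):
    """True if the instance validates admin/admin, False if it rejects them,
    None if the host could not be reached at all."""
    url = base_url.rstrip("/") + "/api/authentication/validate"
    try:
        status, body = fetch(url, basic_auth_header(*DEFAULT_CREDS))
    except OSError:            # URLError, timeouts, refused connections
        return None
    if status != 200:          # a 401 here is the healthy outcome
        return False
    try:
        data = json.loads(body)
    except ValueError:         # not JSON: a proxy or login page answered
        return False
    return isinstance(data, dict) and data.get("valid") is True


def audit(hosts, fetch=http_get):
    """Map each host (or full base URL) to DEFAULT_CREDS, ok or unreachable."""
    labels = {True: "DEFAULT_CREDS", False: "ok", None: "unreachable"}
    results = {}
    for host in hosts:
        base = host if "://" in host else f"http://{host}:{DEFAULT_PORT}"
        results[host] = labels[accepts_default_creds(base, fetch)]
    return results


def change_password_request(base_url, new_password, previous_password="admin"):
    """Build the POST that rotates the admin password via the web API.
    Returned unsent so the caller can review it; urlopen(req) sends it."""
    form = urllib.parse.urlencode({
        "login": "admin",
        "password": new_password,
        "previousPassword": previous_password,
    }).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/users/change_password",
        data=form, method="POST",
        headers=basic_auth_header("admin", previous_password),
    )


if __name__ == "__main__":
    # Constructed placeholders; pass real hosts on the command line instead.
    targets = sys.argv[1:] or ["sonar.internal.example", "10.0.0.5"]
    for host, verdict in audit(targets).items():
        print(f"{host:30} {verdict}")
```

Run it against an inventory of your own hosts (names or full base URLs, so a reverse-proxied instance on another port is covered too). Any host reported as DEFAULT_CREDS should have its password rotated immediately; the request built by change_password_request is the API call to do that, but note that it does nothing about the exposure itself, which is the real problem.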

While it's wonderful to have more security tools available, be aware that hackers will also go after those same security tools: a code scanner has read access to every repository it analyzes, which makes it a valuable target in its own right.

Ken Buckler is a Cyber Security professional. The opinions expressed in this article are his own, and do not reflect those of his employer or clients.

