Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
12 December 2024
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks.
"Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API