id: misconfigured-docker info: name: Docker Container - Misconfiguration Exposure author: dhiyaneshDK severity: critical description: A Docker container misconfiguration was discovered. The Docker daemon can listen for Docker Engine API requests via three different types of Socket - unix, tcp, and fd. With tcp enabled, the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon. It is conventional to use port 2375 for un-encrypted, and port 2376 for encrypted communication with the daemon. reference: - https://madhuakula.com/content/attacking-and-auditing-docker-containers-using-opensource/attacking-docker-containers/misconfiguration.html tags: docker,unauth,devops metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/images/json" matchers-condition: and matchers: - type: word words: - '"ParentId":' - '"Container":' - '"Labels":' condition: and - type: status status: - 200 # Enhanced by mp on 2022/05/20