Container Registries

Azure Container Registries With Admin User

Risk Level: High

Description  

This plugin ensures that the admin user is not enabled on container registries. Azure Container Registries have an admin user that is designed for testing. This should be disabled by default to avoid sharing confidential admin credentials

About the Service

Container Registries: Container registries is Microsoft owned hosting platform for Docker images. It is a repository used to build, store and manage container images securely and efficiently. The container images help users to scale out the applications quickly and ship applications from one system to another.

Impact 

If the admin user is enabled other employees will be able to docker login to container registries using the generated passwords. But, the sharing of passwords can give unauthenticated access to bad actors once they get hold of the auto-generated passwords.

Steps to Reproduce

  1. Login to azure portal.
  2. In services, select Container Registries.
  3. The Container registries service will open, select the desired registry for which you want to check the error.
  4. In the Navigation section, Under Settings click on Access keys.
  5. If the Admin User button is set to Enabled, follow the Steps for Remediation.
  6. Repeat the process for the rest of the registries.

Steps for Remediation

  1. Login to azure portal.
  2. In services, select Container Registries.
  3. The Container registries service will open, select the desired registry for which you want to eliminate the error.
  4. In the Navigation section, Under Settings click on Access keys.
  5. Click on the switch button in front of the Admin User option to disable admin user.
  6. Repeat this process for the rest of the registries.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support