etcd Unauthenticated HTTP API Leak

Jijith Rajan
Published on
01 Oct 2021

The etcd HTTP API can be used without requiring authentication. As a result, keys containing sensitive information could be exposed. A user will also be able to update and delete keys without having to authenticate.


A remote attacker can deduce important data like usernames and passwords and modify or delete it.

Mitigation / Precaution

We recommend you implement an authentication mechanism for API to patch this issue.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment