Etcd is yet another highly critical piece of infrastructure that had authentication disabled by default.
I guess I’ll add this one to the list of unauthenticated, unfirewalled protocols.
“etcd before 2.1 was a completely open system; anyone with access to the API could change keys. In order to preserve backward compatibility and upgradability, this feature is off by default.”
[…]
Yes. The same thing: etcd has an authentication mechanism which is disabled by default, and it also has a very nice RESTful API as its main interface. What could go wrong, right? People are smart and they will keep their etcd services from leaking to the open internet.
Wrong!
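For operators checking their own nodes, here is an added example (not code from the original post or from the etcd project) that audits an etcd command line for a client API reachable beyond loopback without TLS client-certificate authentication. The function names and the sample command line are assumptions made for illustration; the built-in auth feature quoted above is enabled at runtime rather than by a flag, so this check covers network exposure only.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# Constructed sample command line, not taken from any real deployment.
SAMPLE = "etcd --name n1 --listen-client-urls http://0.0.0.0:2379,http://127.0.0.1:2379"

def parse_flags(cmdline):
    """Turn an etcd command line into {flag: value}; bare flags map to 'true'."""
    flags, tokens, i = {}, shlex.split(cmdline), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            if not sep:
                # "--flag value" form, unless the next token is another flag.
                if i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                    i += 1
                    value = tokens[i]
                else:
                    value = "true"
            flags[name] = value
        i += 1
    return flags

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: assume it is reachable by others

def audit_etcd(cmdline):
    """Return one finding per client listen URL that is exposed without mTLS."""
    flags = parse_flags(cmdline)
    # etcd listens on http://localhost:2379 when the flag is absent.
    urls = flags.get("listen-client-urls", "http://localhost:2379").split(",")
    cert_auth = flags.get("client-cert-auth", "false").lower() == "true"
    findings = []
    for url in (u.strip() for u in urls):
        parts = urlsplit(url)
        if is_loopback(parts.hostname or ""):
            continue
        if parts.scheme != "https":
            findings.append(f"{url}: plaintext client API on a non-loopback address")
        elif not cert_auth:
            findings.append(f"{url}: TLS without --client-cert-auth, any client may connect")
    return findings
```
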