
Missing Authentication between Microservices #4107

@prernaadev01

Impact

An attacker able to access an internal service could impersonate other services, intercept or modify data in transit, and perform unauthorized actions, compromising the integrity and security of the entire application.

Description

Discussions with Envision Blockchain revealed that the internal communication between microservices did not require authentication. This meant that any resource capable of communicating with a given service could execute actions on that service without authenticating. Such a setup significantly increases the risk exposure of the environment: if any resource within the system is compromised, an attacker could potentially reach any other resource in the system without needing to authenticate, posing a severe security threat.
As an example, any compromised service could access the message broker, or inject malicious messages into it, to execute arbitrary actions within the system.

Recommendation

It is recommended to implement mutual authentication for all internal microservice communications, so that each service can verify the identity of the service it is talking to.
It is also recommended to authorize each authenticated service with roles and permissions, so that a service can only publish to or consume from the queues relevant to its designated function.
Moreover, messages could be digitally signed to ensure they originate from the correct service; at each step in the process the signature can be verified to confirm that the message has not been tampered with.
Where applicable, integrate these recommendations into the security hardening guide so that organizations deploying the application can implement these best practices effectively.
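One way to realize the signing and per-queue authorization recommendations above, as an added example that is not part of this issue or of the Guardian code base: each service holds its own key, an ACL states which services may publish to or consume from each queue, and a consumer verifies the signature under the claimed sender's key before acting on a message. Service names are taken from the Location list; the queue names, the keys and the use of HMAC (in place of asymmetric signatures) are assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed example: one secret per service (hypothetical values; in practice
# provisioned from a secret store, never hard-coded).
SERVICE_KEYS = {
    "guardian-service": b"constructed-key-guardian",
    "worker-service": b"constructed-key-worker",
    "logger-service": b"constructed-key-logger",
}

# Hypothetical queue names: which services may publish to / consume from each queue.
QUEUE_ACL = {
    "tasks": {"publish": {"guardian-service"}, "consume": {"worker-service"}},
    "logs": {"publish": {"guardian-service", "worker-service"}, "consume": {"logger-service"}},
}

def _canonical(sender, queue, ts, payload):
    # Canonical JSON so signer and verifier hash byte-identical input.
    env = {"sender": sender, "queue": queue, "ts": ts, "payload": payload}
    return json.dumps(env, sort_keys=True, separators=(",", ":")).encode()

def sign_message(sender, queue, payload, ts=None):
    """Publisher side: refuse to publish outside the sender's role, then sign the envelope."""
    if sender not in QUEUE_ACL.get(queue, {}).get("publish", set()):
        raise PermissionError(f"{sender} may not publish to {queue}")
    ts = int(time.time()) if ts is None else ts
    body = _canonical(sender, queue, ts, payload)
    sig = hmac.new(SERVICE_KEYS[sender], body, hashlib.sha256).hexdigest()
    return {"sender": sender, "queue": queue, "ts": ts, "payload": payload, "sig": sig}

def verify_message(consumer, msg, now=None, max_age=300):
    """Consumer side: accept only if the queue ACL allows both parties, the message is
    fresh, and the HMAC verifies under the *claimed* sender's key (so a compromised
    service cannot impersonate another one or alter a message in transit)."""
    acl = QUEUE_ACL.get(msg.get("queue"))
    sender = msg.get("sender")
    if acl is None or consumer not in acl["consume"] or sender not in acl["publish"]:
        return False
    key = SERVICE_KEYS.get(sender)
    if key is None:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - msg["ts"]) > max_age:  # reject stale / replayed messages
        return False
    body = _canonical(sender, msg["queue"], msg["ts"], msg["payload"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["sig"])
```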

Location

• guardian-service
• notification-service
• logger-service
• worker-service
• auth-service
• ai-service
• policy-service
• application-events
• topic-viewer
