AWS - ECR Unauthenticated Enum
ECR
For more information check the AWS - ECR Enum page.
Public registry repositories (images)
As mentioned in the ECR Enum section, a public registry is accessible by anyone and uses the format public.ecr.aws/<random>/<name>. If an attacker locates a public repository URL, they can download the image and search the image metadata and content for sensitive information.
This can also happen with private registries when a registry policy or a repository policy grants access to, for example, "AWS": "*". In that case anyone with an AWS account can access the repository.
Enumerate Private Repo
The tools skopeo and crane can be used to list accessible repositories inside a private registry.
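As an added defender-side check (not part of the original page or of any AWS tooling), the script below parses ECR repository policy documents and reports every Allow statement whose principal is the wildcard "AWS": "*" described above. The two policy documents are constructed samples; in a real review you would feed in the policyText returned by the aws ecr get-repository-policy command for each repository.

```python
import json

# Constructed sample repository policies (not from any real account); in practice
# feed in policyText from `aws ecr get-repository-policy --repository-name <name>`.
SAMPLE_POLICIES = {
    "backend-api": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowAnyone", "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]}]}),
    "internal-tool": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCI", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/ci-pull"},
        "Action": "ecr:*"}]}),
}


def _principals(stmt):
    """Return every principal string in a statement, whatever its JSON shape."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):  # "Principal": "*"
        return [principal]
    values = []
    for v in principal.values():    # {"AWS": "*"} or {"AWS": ["...", "..."]}
        values.extend(v if isinstance(v, list) else [v])
    return values


def wildcard_statements(policy_text):
    """Return (Sid, has_condition) for each Allow statement whose principal is '*'.

    A statement with a Condition is still reported, flagged so it can be reviewed
    rather than silently accepted.
    """
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # single-statement shorthand
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and "*" in _principals(stmt):
            findings.append((stmt.get("Sid", f"statement[{i}]"), "Condition" in stmt))
    return findings


def audit(policies):
    """Map repository name -> open statements, for repositories that have any."""
    report = {name: wildcard_statements(text) for name, text in policies.items()}
    return {name: hits for name, hits in report.items() if hits}


if __name__ == "__main__":
    for repo, hits in audit(SAMPLE_POLICIES).items():
        for sid, conditioned in hits:
            flag = " (has a Condition, review it)" if conditioned else ""
            print(f"{repo}: statement {sid} allows any AWS principal{flag}")
```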