A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has put data in an undisclosed number of companies at risk. Kafdrop is used by “major global financial institutions, insurance companies, and communications providers,” a report says. The vulnerability allows anyone access to view live Kafka clusters, including financial transactions and mission-critical data, without authentication. A different cluster exposed insurance claims, transactions, and interactions between agents and customers.”]
Source: https://www.cuinfosecurity.com/kafdrop-flaw-puts-data-major-global-players-at-risk-a-18067