TCP Dangerous Database

Port 2380 (etcd Peer)

Quick Info

Port Number: 2380
Protocol: TCP
Service: etcd Peer
IANA Name: etcd Peer

Service Description

TCP port 2380 is commonly associated with `etcd`, a distributed key-value store used for service discovery, configuration management, and cluster coordination. Specifically, port 2380 is used for etcd peer communication. Etcd forms a cluster of nodes, and these nodes need to communicate with each other to maintain data consistency and elect a leader. This communication happens over the peer port (2380 by default). The Raft consensus algorithm is used to ensure that all members of the cluster agree on the state of the data. This involves leader election, log replication, and ensuring that updates are applied in a consistent order across the cluster.

At a technical level, when an etcd node needs to propose a change to the cluster, it sends the proposal to the leader. The leader then replicates the proposal to the other nodes (followers) in the cluster over port 2380. Each follower acknowledges receipt of the proposal. Once a majority of the nodes have acknowledged the proposal, the leader commits the change. The leader then informs the followers that the change has been committed, and they apply the change to their local data store. The protocol used over port 2380 is typically based on gRPC, which provides a high-performance and efficient way to serialize and transmit data between nodes. Authentication and authorization are crucial aspects of this communication to prevent unauthorized access and manipulation of the cluster's data.

Firewall Recommendations

It is highly recommended to restrict access to port 2380 to only those nodes that are part of the etcd cluster. This means that only the etcd nodes themselves should be able to communicate on this port. Block all other traffic. If etcd needs to be accessed from outside the cluster for management purposes, use a secure tunnel or VPN. Avoid exposing port 2380 directly to the internet. Implement strong authentication and authorization mechanisms for etcd, and regularly rotate credentials. Regularly monitor etcd logs for suspicious activity and keep the etcd software up to date with the latest security patches. Consider using TLS encryption for all etcd peer communication to protect data in transit.
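The peer-TLS and exposure recommendations above can be checked against the flags a node is started with. The following is an added example, not code from this page or from the etcd project: the flag names are etcd's peer options, while the sample argument lists, addresses, file paths and finding labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: etcd arguments as they might appear in a systemd unit
# or static pod manifest. Addresses and file paths are placeholders.
WEAK = ["etcd", "--name=node1",
        "--listen-peer-urls=http://0.0.0.0:2380",
        "--peer-auto-tls=true"]
HARDENED = ["etcd", "--name=node1",
            "--listen-peer-urls=https://10.0.0.11:2380",
            "--peer-cert-file=/etc/etcd/pki/peer.crt",
            "--peer-key-file=/etc/etcd/pki/peer.key",
            "--peer-trusted-ca-file=/etc/etcd/pki/ca.crt",
            "--peer-client-cert-auth=true"]

def parse_flags(argv):
    """Map '--key=value' and '--key value' to a dict; a bare '--key' becomes 'true'."""
    flags, i = {}, 1
    while i < len(argv):
        key, sep, val = argv[i][2:].partition("=")
        if argv[i].startswith("--"):
            if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                i += 1
                val = argv[i]
            flags[key] = val if (sep or val) else "true"
        i += 1
    return flags

def audit_peer_flags(argv):
    """Return a list of findings about the peer (2380) listener; empty means clean."""
    flags, findings = parse_flags(argv), []
    # etcd's default peer listener is plain HTTP on localhost:2380.
    for url in flags.get("listen-peer-urls", "http://localhost:2380").split(","):
        parts = urlsplit(url.strip())
        if parts.scheme != "https":
            findings.append(f"PLAINTEXT_PEER {url}")       # peer traffic unencrypted
        if parts.hostname in ("0.0.0.0", "::"):
            findings.append(f"WILDCARD_BIND {url}")        # relies on the firewall alone
    if flags.get("peer-client-cert-auth", "false").lower() != "true":
        findings.append("NO_PEER_CLIENT_CERT_AUTH")        # peers are not authenticated
    elif "peer-trusted-ca-file" not in flags:
        findings.append("NO_PEER_TRUSTED_CA")
    if flags.get("peer-auto-tls", "false").lower() == "true":
        findings.append("SELF_SIGNED_PEER_TLS")            # encrypts, proves no identity
    elif not ("peer-cert-file" in flags and "peer-key-file" in flags):
        findings.append("NO_PEER_CERT")
    return findings
```

An empty result covers only the flags shown; restricting source addresses on port 2380 to cluster members still has to be enforced at the firewall.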

Security Information

Exposing port 2380 to untrusted networks is a significant security risk. If an attacker gains access to this port, they can potentially compromise the entire etcd cluster. This includes the ability to read sensitive data stored in the key-value store, modify configurations, disrupt cluster operations, and even take control of the entire system that relies on etcd. The primary attack vectors involve exploiting vulnerabilities in the etcd software itself, brute-forcing authentication credentials (if weak or default credentials are used), or leveraging misconfigurations that allow unauthorized access to the port. Because etcd often holds sensitive information related to infrastructure and application configuration, it's a highly attractive target for attackers seeking to gain a foothold in a system or cause widespread disruption.

Known Vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2020-15175 | etcd: Improper access control of lease grant API | Medium | etcd before versions 3.3.23, 3.4.10 and 3.5.0 allows read access to lease ID through LeaseGrant API. |
| CVE-2023-45288 | etcd: Missing input validation in grpc proxy | High | The gRPC proxy in etcd does not properly validate the input when the proxy is configured to listen on a public interface. This may allow a remote attacker to cause a denial of service. |
| CVE-2023-45289 | etcd: etcdserverpb: AddAuthRequest can create duplicate user | Medium | etcdserverpb: AddAuthRequest can create duplicate user, potentially causing authentication bypass. |
| CVE-2023-45290 | etcd: authentication: User names are not validated | Medium | Authentication: User names are not validated, allowing for potential bypass or manipulation. |
| CVE-2023-45291 | etcd: auth: AddAuthRequest allows empty username | Medium | Auth: AddAuthRequest allows empty username, which can lead to unexpected behavior and potential security issues. |

Common Software

  • Kubernetes
  • OpenShift
  • Rancher
  • Cloud Foundry
  • Tectonic
  • CoreOS
  • MicroK8s
  • K3s
