Docker – an open platform used to manage server images and applications, recently exposed Vine’s source code. Usually, Docker installations are not publicly accessible, however; Vine faced grave threat as its source code was reportedly downloaded by a hacker due to this situation of vulnerability.
The Docker setup is essentially used by Twitter’s staff to manage Vine’s content and that’s primarily how both are connected in this issue. It was later discovered by a security researcher at Avicoder that the Docker setup wasn’t exactly secure. What made the situation worse is that Twitter wasn’t functioning on Docker’s latest version, thereby giving rise to many limitations in terms taking secure measures.
The Avicoder naturally tried all the commands he could find, to discover what actions he could perform. He discovered that a range of commands were available to him, including the possibility of searching and retrieving content from Twitter’s Docker setup. The researcher even downloaded over 80 Docker images from Twitter’s Vine servers, only to realize that one of those server images contained the Vine’s entire source code.
‘I was able to see the entire source code of vine, its API keys and third party keys and secrets. Even running the image without any parameter, was letting me host a replica of Vine locally,’ Avicoder explained.
Twitter awarded the researcher a reward of $10,080 for his work.
