I have been diving a bit into how the balena-cli commands work and I’ve noticed a security hole. A tunnel is established by using vpn.balena-cloud.com as an HTTP proxy server using CONNECT. However, the connection from the client host to vpn.balena-cloud.com is plain TCP; it is not encrypted via SSL. The authorization scheme is HTTP BASIC, using the Balena user and the Balena token as a password. This exposes the client to a couple of security problems:
- First of all, anyone with access can sniff the connection and get a user’s user ID and Balena token, exposing all the user’s resources while the token is still valid
- Second, any traffic that is then sent through the tunnel is exposed (again, to sniffing)
Are there any plans to secure access? Either by using SSL, or by using the SSH proxy to establish the tunnel instead of an HTTP proxy.
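
The exposure described in the post, as an added example that is not part of the original post or balena's code: a Python check that classifies the first bytes a client sends to a proxy port and reports whether Basic credentials travel in readable form. The `Proxy-Authorization` header name is the standard HTTP proxy header and is assumed here; the host, port, user and token are constructed sample values.

```python
import base64


def audit_proxy_handshake(first_bytes: bytes) -> dict:
    """Classify the first bytes sent to a proxy port and flag cleartext Basic credentials."""
    # A TLS connection opens with a handshake record: content type 0x16, version major 0x03.
    if first_bytes[:2] == b"\x16\x03":
        return {"transport": "tls", "credentials_exposed": False}
    head = first_bytes.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return {"transport": "unknown", "credentials_exposed": False}
    result = {"transport": "plaintext", "target": parts[1], "credentials_exposed": False}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, blob = value.strip().partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            # Basic auth is base64("user:password"): an encoding, not encryption.
            decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        except ValueError:  # covers malformed base64 and invalid UTF-8
            continue
        user, sep, secret = decoded.partition(":")
        if sep:
            # Report only the secret's length so the audit output does not leak it again.
            result.update(credentials_exposed=True, user=user, secret_length=len(secret))
    return result


# Constructed sample data (not captured traffic, not real credentials).
SAMPLE_TOKEN = "EXAMPLE-TOKEN-NOT-REAL"
SAMPLE_CONNECT = (
    "CONNECT device.example.invalid:8080 HTTP/1.1\r\n"
    "Host: device.example.invalid:8080\r\n"
    "Proxy-Authorization: Basic "
    + base64.b64encode(f"exampleuser:{SAMPLE_TOKEN}".encode()).decode()
    + "\r\n\r\n"
).encode()
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"  # start of a TLS ClientHello record

if __name__ == "__main__":
    print(audit_proxy_handshake(SAMPLE_CONNECT))
    print(audit_proxy_handshake(SAMPLE_TLS))
```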