/
We have heard of security concerns regarding Docker registries. Is any of the Ayfie products affected? As an Ayfie customer, are we at risk due to this?

We have heard of security concerns regarding Docker registries. Is any of the Ayfie products affected? As an Ayfie customer, are we at risk due to this?

Security problems with privately hosted docker registries have been outlined in the Unit 42 Cloud Threat Report: Spring 2020 and subsequently publicized by a Threatpost article.

No Ayfie products are affected.

Those of our products that do not use Docker (eg Ayfie Locator, Supervisor, DocumentHandler, MyWorks) were never at risk.

The recently reported security concerns result from parties who poorly secured their (self-hosted / custom-hosted) private registries

Those of our products that use Docker (eg ayfie Inspector) are not hosted in private registries and none of our builds or containers are based on anything hosted in any private registry.

Ayfie’s own Docker registries are hosted on quay.io and hub.docker.com, and all of them are restricted in regard to push and pull operations.

 

ayfie