A new security flaw was identified this week in Selenium Grid, a widely-used tool by software testers for running tests concurrently across various browsers and environments. This breach has sparked major worries among testers regarding the safety and dependability of their testing setups.
So what? The IP address in question is said to belong to a legitimate service that has been compromised by the threat actor, as it has also been found to host a publicly exposed Selenium Grid instance.
- Exactly who is behind the attack campaign is currently not known despite all the Korea rumours flying around.
- However, it involves the threat actor targeting publicly exposed instances of Selenium Grid and making use of the WebDriver API to run Python code responsible for downloading and running an XMRig miner (for Monero mainly)
- The cloud security company Wiz has named the ongoing activity SeleniumGreed (love it) and is monitoring it closely
- This hack campaign is directed at older versions of Selenium (3.141.59 and earlier) and is thought to have been active since at least April 2023
- For anyone now panicking to change their verison, there are also some other guides below
Why bother? Software testers widely use Selenium Grid to guarantee cross-browser compatibility and efficient parallel test execution. Since authentication is not enabled by default, many publicly accessible instances of this service are misconfigured, leaving them vulnerable to unauthorised access and malicious exploitation. A security breach in this tool could pose major risks;
Compromised Test Data: Unauthorised access to test data might expose sensitive information
Manipulated Test Results: Attackers could modify test outcomes, undermining the reliability of the results
Service Disruptions: Exploiting this flaw could disrupt the testing pipeline, causing delays in the development workflow
What's more…Through vigilance and the implementation of certain measures, software testers can securely and reliably use Selenium Grid in their testing environments. But we need to remember:
- Safeguard: Maintain and protect your testing environment; ensure your tools are up-to-date
- Stay Informed: Keep updated with the latest security advisories and updates for testing tools
- Regular Audits: Perform frequent security audits on your testing infrastructure
- Incident Response Plan: Create and sustain a strong incident response plan to promptly handle any security breaches
Resources
- Protecting unsecured selenium grid
- MoT's Security Testing Collection
- MoT's Selenium Collection
- For help on how to enable basic authentication and protect Selenium Grids from unauthorised external access, follow the service’s official guidelines here
- MoT Podcasts (for Selenium conversations)