Kong Admin Token
Service Name: Kong API Gateway
Service Description: Kong is an open-source API gateway and microservices management layer that sits in front of your APIs, providing features like authentication, rate limiting, logging, and more to help manage API traffic.
Service Address: https://konghq.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Kong Admin API level through CORS settings and network-level controls.
Secret Access Scope: Grants full administrative access to the Kong Admin API, allowing configuration changes to API gateways, services, routes, plugins, and consumers.
Secret Revokement URL: Does not exist (tokens must be rotated or removed from Kong's configuration)
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrb25nX2FkbWluIiwibmFtZSI6I mFkbWluIiwiaWF0IjoxNTE2MjM5MDIyfQ.XYZ123abc456def789ghi
Suspicious Activity Investigation Instructions:
- Review Kong Admin API logs for unauthorized or unusual configuration changes
- Check for new services, routes, or plugins that were unexpectedly created
- Monitor for changes to existing API configurations, especially authentication settings
- Examine network traffic to the Kong Admin API for suspicious IP addresses or patterns
- Verify if any consumers or credentials were created or modified without authorization
Mitigation Instructions:
- Immediately rotate the Kong Admin token by generating a new one
- Update the Kong configuration file to use the new token
- Restart the Kong service to apply the changes
- Review and revert any unauthorized changes made to your Kong configuration
- Implement stricter access controls for the Kong Admin API, such as IP restrictions
- Consider enabling RBAC (Role-Based Access Control) if using Kong Enterprise
- Set up monitoring and alerting for Kong Admin API access and changes