From 74b181018b42ea6c3595450f8fa419dbfa60d3ae Mon Sep 17 00:00:00 2001 From: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Date: Wed, 23 Mar 2022 11:46:56 -0400 Subject: [PATCH] docs: make gossip threat model more visible --- website/content/docs/security/security-models/core.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index b11f5da308..f408a57f6f 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -407,7 +407,9 @@ The following are not part of the threat model for client agents: configured identity, and extract information from Consul when ACLs are disabled. - **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog - information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate + information. + +- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key. - **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service
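Review bot: The new **Gossip** bullet tells readers that "Gossip encryption should be enabled, with a regularly rotated gossip key" but gives no pointer to how to do either, and "regularly" is left undefined. Since the goal of this change is to make the gossip threat more visible, consider linking that sentence to the existing gossip encryption and key rotation documentation so the mitigation is as easy to find as the risk. The neighbouring **DNS** bullet states only the exposure with no mitigation, so a follow-up could bring the two bullets to the same shape. The commit message would also benefit from a one-line body noting that the Gossip item was previously run into the end of the DNS bullet, which is the actual defect being fixed here.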