Distributed Consensus Disruption

high

consensus-disruption

Attacker disrupts the Raft consensus protocol by manipulating leader election, injecting rogue members, or causing network partitions that lead to split-brain scenarios or data inconsistency

TamperingDenial of Service

MITRE ATT&CK techniques

ID	Name	Tactic
T1498	Network Denial of Service	Impact
T1565	Data Manipulation	Impact

Common Weakness Enumeration

CWE-345
CWE-400

Mitigating controls

ctrl-consensus-1: Require peer certificate authentication for all etcd members
ctrl-consensus-2: Use static member configuration rather than dynamic discovery
ctrl-consensus-3: Deploy etcd across multiple availability zones with proper quorum
ctrl-consensus-4: Monitor cluster health metrics and member status
ctrl-consensus-5: Implement network segmentation for etcd peer traffic

References

https://etcd.io/docs/v3.5/op-guide/security/
https://raft.github.io/