NeophobiA

New Ticketbleed Vulnerability Bleeds Like Old Heartbleed.. Literally

Filippo Valsorda, a researcher at Cloudflare, recently discovered a bug in F5's BIG-IP products. The flaw has been dubbed Ticketbleed, named for its similarity to another such bug, Heartbleed.

How does Ticketbleed work? Ticketbleed is a vulnerability in the BIG-IP SSL stack that leaks up to 31 bytes of server memory per connection. It stems from the SSL session ticket system, which by design stores certain pieces of information from previous SSL sessions.

Storing that information improves load times, because the client does not need to negotiate a new session with the server. Instead, it can resume the SSL session that was started earlier by retrieving the state held in the previous SSL ticket.

Such information, however, can include sensitive encrypted data, and Ticketbleed lets attackers reach it with little effort. In practice, an attacker obtains SSL session IDs and 31 bytes of uninitialized memory.

"The vulnerability lies in the implementation of Session Tickets, a resumption technique used to speed up repeated connections. When a client supplies a Session ID together with a Session Ticket, the server is supposed to echo back the Session ID to signal acceptance of the ticket. Session IDs can be anywhere between 1 and 31 bytes in length. The F5 stack always echoes back 32 bytes of memory, even if the Session ID was shorter. An attacker providing a 1-byte Session ID would then receive 31 bytes of uninitialized memory," according to the technical details section of the Ticketbleed website.
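As an added illustration (this is not code from the original post or from the Ticketbleed site's own test), here is a toy model in Python of the Session ID echo described above. TLS framing is left out; the server-side buffer and its stale contents are constructed here to stand in for the uninitialized memory the real bug exposed.

```python
# Toy model of the Session ID echo in a TLS resumption (added example).
SESSION_ID_MAX = 32  # the F5 stack always echoed this many bytes


def vulnerable_echo(client_session_id: bytes, server_buffer: bytearray) -> bytes:
    """Models the flawed behaviour: copy the client's ID into a 32-byte buffer,
    then echo back all 32 bytes regardless of how many were actually written."""
    server_buffer[:len(client_session_id)] = client_session_id
    return bytes(server_buffer[:SESSION_ID_MAX])


def fixed_echo(client_session_id: bytes, server_buffer: bytearray) -> bytes:
    """Corrected behaviour: echo back exactly the bytes the client supplied."""
    if not 1 <= len(client_session_id) <= SESSION_ID_MAX:
        raise ValueError("session id must be 1..32 bytes")
    server_buffer[:len(client_session_id)] = client_session_id
    return bytes(server_buffer[:len(client_session_id)])


def leaked_bytes(sent: bytes, echoed: bytes) -> bytes:
    """Client-side check used for detection: on a resumed session the echoed ID
    must equal what we sent. Anything beyond our own bytes is leaked memory.
    A server that rejects the ticket may send a fresh ID instead, so a real
    check repeats the probe to rule out a chance prefix match."""
    if not echoed.startswith(sent):
        return b""
    return echoed[len(sent):]


def demo() -> tuple:
    # Constructed stale buffer: 32 bytes left over from an earlier connection.
    stale = b"previous-session-secret-material"
    assert len(stale) == SESSION_ID_MAX
    sent = b"\x01"  # 1-byte Session ID, the worst case for the flaw
    leak_vuln = leaked_bytes(sent, vulnerable_echo(sent, bytearray(stale)))
    leak_fixed = leaked_bytes(sent, fixed_echo(sent, bytearray(stale)))
    return leak_vuln, leak_fixed


if __name__ == "__main__":
    vuln, fixed = demo()
    print(f"vulnerable server leaked {len(vuln)} bytes: {vuln!r}")
    print(f"fixed server leaked {len(fixed)} bytes")
```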


Ticketbleed vs. Heartbleed: The researcher claimed that the vulnerability is similar to Heartbleed in its consequences. However, with Heartbleed the data that could be retrieved was as large as 64 KB per request, whereas Ticketbleed yields only 31 bytes at a time.


The flaw, Valsorda explains, exists because of the way the ticket system works. F5 has issued a mitigation plan to address it, but little is known about what exactly is being done to resolve the issue. Filippo did, however, provide a quick workaround:

Source: Filippo | Via: Ticketbleed
