Ticketbleed Undermines SSL Security

The recent report that F5’s Big-IP leaks memory once again underscores the risks of relying heavily on security appliances.

The exploit, called “Ticketbleed,” could enable attackers to intercept SSL traffic. The name comes from the Heartbleed exploit that caused headaches in 2014, reports The Register.

According to the description of Ticketbleed in the National Vulnerability Database:

“A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.”

The exploit was first discovered by Cloudflare Cryptography Engineer Filippo Valsorda, and found to affect 10 Big-IP appliances. You can see a complete list of impacted appliances here. The exploit is rated “high” in severity, and F5 customers are encouraged to upgrade their software. You can also mitigate the vulnerability by disabling session tickets on the affected Client SSL profile.

Valsorda has also created a site for testing hosts for their vulnerability to Ticketbleed. According to the site, 3 of the top 1,000 Alexa sites were vulnerable to the exploit.

While all software products could have bugs and vulnerabilities, we at Cato think that the appliance form factor makes it particularly difficult for enterprises. Customers struggle to fully patch all systems in a timely manner, especially in a distributed environment. Rather than chasing after the latest vulnerability in every appliance, enterprises can simplify security operations with cloud-based security providers.

Cloud-based security shifts the burden of responding to every exploit to the provider who has a financial interest in keeping security infrastructure current. Cloud security services are inherently faster and easier to patch than enterprise appliances, which improves overall security posture. And any security updates to the service made on behalf of one customer immediately help all customers.

The benefit of cloud-based security is particularly acute for small to medium enterprises (SMEs). These organizations typically cannot afford full-time security researchers, advanced threat prevention, or the threat intelligence subscriptions needed to ensure timely detection and response to new exploits. Those costs are assumed by the security provider.

To learn more about the benefits of moving from appliances to security services, download our Drop the Box! eBook.

About Cato Networks
Cato Networks is rethinking network security from the ground up and into the Cloud. Cato has developed a revolutionary new Network Security as a Service (NSaaS) platform that is changing the way network security is delivered, managed, and evolved for the distributed, Cloud-centric, and mobile-first enterprise. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cybersecurity luminary Shlomo Kramer, who previously co-founded Check Point Software Technologies and Imperva, and Gur Shatz, who previously co-founded Incapsula.
