Do you know about the Ticketbleed vulnerability?

Holla, I'm back with a surprising post.
This post is about a software vulnerability.

The name of this vulnerability is Ticketbleed (CVE-2016-9244).



What is Ticketbleed (CVE-2016-9244)?

It is a software vulnerability in the TLS/SSL stack of F5 BIG-IP appliances that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time.

There is a high chance that this uninitialized memory contains key material or sensitive data from other connections.

Not only does the name sound close to the infamous Heartbleed vulnerability, but the bug is also technically similar to it.
The only difference between Ticketbleed and Heartbleed is that Ticketbleed exposes 31 bytes at a time rather than 64k.


More technical insight:-

The vulnerability lies in the implementation of Session Tickets, a session resumption technique used to speed up repeated connections.

Whenever a client supplies a Session ID along with a Session Ticket, the server is supposed to echo back that Session ID to signal acceptance of the ticket. In the F5 stack, however, the server always echoes back 32 bytes of memory, even when the client's Session ID is shorter.

So if the attacker provides a 1-byte Session ID, 31 bytes of uninitialized memory are received back.
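To make the echo behaviour concrete from the defender's side, here is an added example (my own code, not from the original post or from F5) that parses a captured ServerHello and flags the Ticketbleed signature: the server echoes a Session ID that is longer than the one the client sent but starts with it, so every byte past the client's ID is leaked memory. The ServerHello records and the 31 "leaked" bytes are constructed inline for the demo; no network traffic is involved.

```python
"""Detect the Ticketbleed echo pattern in a captured TLS ServerHello.

Given the Session ID the client sent (1..32 bytes) and the raw bytes of the
server's ServerHello record, report whether the server echoed more bytes
than the client supplied. On a vulnerable F5 stack the echoed Session ID is
always 32 bytes, so the trailing bytes are uninitialized server memory.
"""
import struct

TLS_HANDSHAKE = 0x16     # TLS record content type: handshake
HS_SERVER_HELLO = 0x02   # handshake message type: ServerHello


def parse_server_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field of a ServerHello carried in one TLS record."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[0] != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) != hs_len:
        raise ValueError("truncated handshake message")
    # server_version (2) + random (32) + session_id_length (1) come first
    if len(hs) < 35:
        raise ValueError("ServerHello too short")
    sid_len = hs[34]
    sid = hs[35:35 + sid_len]
    if len(sid) != sid_len:
        raise ValueError("truncated session_id")
    return sid


def check_ticketbleed(client_session_id: bytes, server_record: bytes) -> dict:
    """Compare the Session ID the client sent with what the server echoed.

    'vulnerable' is True only when the echoed ID starts with the client's ID
    and is longer than it. A correct server either echoes exactly the same
    bytes (ticket accepted) or sends a fresh ID that does not share the
    prefix (ticket rejected), and both cases are reported as not vulnerable.
    """
    echoed = parse_server_hello_session_id(server_record)
    vulnerable = (echoed.startswith(client_session_id)
                  and len(echoed) > len(client_session_id))
    return {
        "sent_len": len(client_session_id),
        "echoed_len": len(echoed),
        "vulnerable": vulnerable,
        "leaked": echoed[len(client_session_id):] if vulnerable else b"",
    }


def build_sample_server_hello(session_id: bytes) -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample data only)."""
    hs_body = (
        b"\x03\x03"                              # server_version: TLS 1.2
        + bytes(32)                              # random: zeros for the sample
        + bytes([len(session_id)]) + session_id  # session_id
        + b"\xc0\x2f"                            # cipher_suite
        + b"\x00"                                # compression_method: null
    )
    handshake = bytes([HS_SERVER_HELLO]) + len(hs_body).to_bytes(3, "big") + hs_body
    return (bytes([TLS_HANDSHAKE]) + b"\x03\x03"
            + struct.pack("!H", len(handshake)) + handshake)


def demo():
    """Run the check against a constructed vulnerable and a constructed fixed reply."""
    client_sid = b"\x01"                                 # the 1-byte Session ID from the post
    leaked = b"\xde\xad\xbe\xef" * 7 + b"\xca\xfe\xba"  # 31 constructed stand-in bytes
    vulnerable_reply = build_sample_server_hello(client_sid + leaked)  # 32-byte echo
    fixed_reply = build_sample_server_hello(client_sid)                # exact echo
    return check_ticketbleed(client_sid, vulnerable_reply), check_ticketbleed(client_sid, fixed_reply)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With a 1-byte client Session ID, a server that rejects the ticket and issues a fresh random 32-byte ID will match the prefix by chance one time in 256, so when using this logic over real captures prefer a longer client Session ID (the signature is the same: extra bytes appended to whatever the client sent) and treat a single hit as something to confirm rather than a verdict.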

How to fix it?

The steps below are the ones provided by F5:-

- Log in to the Configuration utility

- Navigate on the menu to Local Traffic > Profiles > SSL > Client

- Toggle the Configuration option from Basic to Advanced

- Uncheck the Session Ticket option to disable the feature

- Click Update to save the changes

It is also available here.

Thank you
