Hackers bypass Cloudflare’s protection using… Cloudflare


A cybersecurity researcher has revealed two vulnerabilities in the Cloudflare content distribution service. By exploiting them, hackers can launch cyberattacks against websites protected by Cloudflare.


You may know the name Cloudflare without really knowing what it is. Founded in 2007, the company started out as a content delivery network and DNS provider, and has since added a whole range of services, including protection for the websites it fronts. Earlier this year, Cloudflare made headlines when it became the target of the largest DDoS attack ever seen, or rather, as such attacks should properly be called, the largest distributed denial-of-service attack.

More recently, cybersecurity researcher Stefan Proksch discovered two flaws that let attackers bypass the protection the service offers. Ironically, they use Cloudflare itself to do so. There are two prerequisites, however: create a free account and know the IP address of the target's server. After that, Cloudflare's firewall and DDoS protection are largely bypassed.

Using the service itself, hackers breach Cloudflare’s security

The first flaw concerns the mechanism that ensures an HTTP or HTTPS request reaching a server comes from Cloudflare and not from an attacker. A site owner must install a certificate to enable this protection. The problem is that all users share the same certificate. By using it, an attacker can impersonate the site they are targeting, disable its protections and launch an attack.

The second flaw is similar. It exploits the list of IP addresses allowed by Cloudflare. Here too, it is possible to redirect a domain to another one created by someone else. The protections are then lifted and the attack passes through Cloudflare's infrastructure. The researcher demonstrated how easy it is to use these two loopholes and proposed measures to correct them. He reported his findings to the company last March, but no action was taken. The firm has not yet commented on the subject.
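Both flaws come down to the same trust decision at the origin server: it checks that a request comes from Cloudflare, not that it comes from the site owner's own Cloudflare configuration. The following model, added here as an illustration and not taken from the article or the researcher's work, simulates that decision under three policies; the per-tenant secret header is an assumed mitigation for the sake of the example, since the article does not describe the measures the researcher proposed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample values for the demonstration (not Cloudflare's real ranges or certificate).
CDN_EDGE_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # stands in for the CDN's published edge IPs
SHARED_ORIGIN_CERT_SUBJECT = "CN=origin-pull.example-cdn"    # one certificate issued to every tenant
TENANT_SECRET = "s3cret-only-my-account-injects"             # assumed per-tenant secret the owner's CDN config adds


@dataclass
class Request:
    source_ip: str                      # address the origin sees the connection from
    client_cert_subject: Optional[str]  # subject of the mTLS client certificate, if any
    headers: dict = field(default_factory=dict)


def edge_ip_check(req: Request) -> bool:
    """Policy 'edge_ip': accept anything arriving from a CDN edge address."""
    return any(ipaddress.ip_address(req.source_ip) in net for net in CDN_EDGE_RANGES)


def shared_cert_check(req: Request) -> bool:
    """Policy 'shared_cert': accept anything presenting the CDN-wide origin certificate."""
    return req.client_cert_subject == SHARED_ORIGIN_CERT_SUBJECT


def tenant_secret_check(req: Request) -> bool:
    """Policy 'tenant_secret': additionally require a value only this tenant's config injects."""
    return shared_cert_check(req) and req.headers.get("X-Origin-Secret") == TENANT_SECRET


POLICIES = {"edge_ip": edge_ip_check, "shared_cert": shared_cert_check, "tenant_secret": tenant_secret_check}


def origin_accepts(req: Request, policy: str) -> bool:
    """The origin's trust decision for one request under the named policy."""
    return POLICIES[policy](req)


# Traffic proxied through the owner's own CDN account: edge IP, shared cert, and the tenant secret.
OWNER_REQUEST = Request("198.51.100.7", SHARED_ORIGIN_CERT_SUBJECT, {"X-Origin-Secret": TENANT_SECRET})
# Traffic proxied through a second, free account pointed at the same origin IP: edge IP and shared
# cert look identical, but that account cannot inject the owner's secret.
OTHER_TENANT_REQUEST = Request("198.51.100.42", SHARED_ORIGIN_CERT_SUBJECT, {})


def accepted_under_each_policy(req: Request) -> dict:
    """Map each policy name to the origin's decision for this request."""
    return {name: origin_accepts(req, name) for name in POLICIES}
```

Only the per-tenant policy tells the two requests apart; the IP allowlist and the shared certificate accept both, which is the gap the article describes.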

Source: Bleeping Computer


