Critical Ticketbleed Vulnerability Found in F5 Load Balancers
A critical vulnerability, dubbed Ticketbleed, has been discovered in certain F5 load balancers. This issue, found by researchers from Neel, allows attackers to potentially access sensitive data. Filippo Valsorda, who reported the issue to F5, has provided more technical details on his webpages.
Ticketbleed, similar to the infamous Heartbleed but less severe, exploits a flaw in the way some F5 load balancers handle session IDs. When a client sends a session ID, the server responds with 31 bytes of memory, even if fewer bytes were initially sent. This can include sensitive data, up to 31 bytes in size.
The vulnerability was discovered by Riccardo Solmi and Andrew Martin from Neel. Filippo Valsorda played a crucial role in coordinating the disclosure and providing further technical insights. As of 7 April 2017, SSL Labs has made Ticketbleed detection available on its production servers. In the coming release, SSL Labs will fail any servers found to be affected by this issue.
Ticketbleed poses a significant risk to systems using affected F5 load balancers. Users are advised to update their systems promptly. Further information is available from Filippo Valsorda's webpages and SSL Labs.
