Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

Accepted submission by upstart at 2023-09-29 16:37:42
News

# This file was generated bot-o-matically! Edit at your own risk.

Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers [securityweek.com]:

Gaps in Cloudflare’s security controls allow users to bypass customer-configured protection mechanisms and target other users from the platform itself, technology consulting firm Certitude warns.

The issue, the company says, arises from the shared infrastructure that all Cloudflare tenants have access to, allowing malicious actors to abuse the trust customers place in the platform’s protections to target them via Cloudflare.

A major cybersecurity vendor offering web application firewall (WAF), bot management, and distributed denial-of-service (DDoS) protections, Cloudflare relies on a network of reverse-proxy servers to inspect all traffic headed to customers’ web servers for malicious activity.

According to Certitude [certitude.consulting], traffic originating from Cloudflare’s own infrastructure is considered trusted by default, so, unlike traffic from other parties, it is not run through the customer’s configured reverse-proxy protections.

Because of that, the consulting firm says, an attacker registered with Cloudflare can target other users on the platform, essentially bypassing the platform’s protections.

One gap Certitude discovered relates to the ‘Authenticated Origin Pulls’ mechanism at the transport layer, which relies on a Cloudflare SSL certificate for authentication.

When setting up the authentication mechanism to their web servers (origin servers), customers can opt for using a Cloudflare certificate or for using their own certificate.

However, because the available options are insufficiently documented, and because a custom certificate can only be configured through the API, “it is reasonable to assume that customers will opt for the more convenient choice of using the Cloudflare certificate,” Certitude notes.

The use of a shared certificate means that all connections originating from Cloudflare are permitted, regardless of the tenant initiating them.

A similar gap was identified in the ‘Allowlist Cloudflare IP addresses’ mechanism at the network layer, which blocks connections originating from outside Cloudflare’s IP ranges but permits all connections from within Cloudflare’s infrastructure.

“An attacker can establish a custom domain with Cloudflare, direct the DNS A record to the victim’s IP address. Next, they disable all protection features for that custom domain and route their attack(s) through Cloudflare’s infrastructure, effectively bypassing the protection features that the victim has configured,” Certitude explains.

The consulting firm has published a proof-of-concept (PoC) demonstration of these issues and recommends the use of custom certificates for connection authentication and the use of Cloudflare Aegis to mitigate the gaps.
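To make the difference between the two "trust the platform" mechanisms and a tenant-bound setup concrete, here is an added Python simulation of the admission decision an origin server makes for an inbound connection. It is an illustration written for this page, not Certitude's proof of concept and not Cloudflare's code. Every IP range, certificate fingerprint and hostname is a constructed placeholder; the hostname check in the hardened policy is an extra layer assumed here, beyond the custom-certificate recommendation the article reports.

```python
"""Origin-side admission policies for traffic arriving via a shared proxy platform.

Constructed example (not Certitude's proof of concept, not Cloudflare's code):
it simulates what an origin can check about an inbound connection and contrasts
the two 'trust the platform' mechanisms named in the article with a policy bound
to this tenant's own certificate. All ranges, fingerprints and hosts are made up.
"""
import ipaddress
from dataclasses import dataclass

# Assumed stand-in for the proxy platform's published egress ranges.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Assumed client-certificate fingerprints. The first is shared by every tenant of
# the platform; the second belongs to a certificate only this customer uploaded.
SHARED_PLATFORM_CERT = "sha256:SHARED-PLATFORM-CERT-PLACEHOLDER"
CUSTOMER_ZONE_CERT = "sha256:CUSTOMER-ZONE-CERT-PLACEHOLDER"

# Hostnames this origin actually serves (assumed).
EXPECTED_HOSTS = {"shop.example.com"}


@dataclass(frozen=True)
class Connection:
    src_ip: str       # peer address the origin sees (the proxy, or a direct client)
    client_cert: str  # fingerprint of the client certificate presented, "" if none
    host: str         # hostname the proxy forwarded (Host header / SNI)


def from_proxy_range(conn: Connection) -> bool:
    """True for any connection whose source address is inside the platform's ranges."""
    addr = ipaddress.ip_address(conn.src_ip)
    return any(addr in net for net in PROXY_RANGES)


def allowlist_ip_policy(conn: Connection) -> bool:
    """Network-layer mechanism: source range only, no per-tenant binding."""
    return from_proxy_range(conn)


def shared_cert_policy(conn: Connection) -> bool:
    """Transport-layer mechanism with the platform-wide certificate: still any tenant."""
    return from_proxy_range(conn) and conn.client_cert == SHARED_PLATFORM_CERT


def tenant_bound_policy(conn: Connection) -> bool:
    """Hardened: require the customer's own certificate and only serve known hosts.

    The hostname check is an assumption added here (not from the article): a
    request routed via another tenant's zone carries that zone's hostname.
    """
    return (
        from_proxy_range(conn)
        and conn.client_cert == CUSTOMER_ZONE_CERT
        and conn.host in EXPECTED_HOSTS
    )


POLICIES = {
    "allowlist_ip": allowlist_ip_policy,
    "shared_cert": shared_cert_policy,
    "tenant_bound": tenant_bound_policy,
}

# Constructed connections as the origin would observe them.
SAMPLE_CONNECTIONS = {
    # A client on the open internet bypassing the proxy entirely.
    "direct_internet": Connection("192.0.2.77", "", "shop.example.com"),
    # This customer's own zone, proxy authenticating with the shared certificate.
    "own_zone_shared_cert": Connection("203.0.113.10", SHARED_PLATFORM_CERT, "shop.example.com"),
    # Another tenant's zone whose DNS record points at this origin (the reported gap).
    "other_tenant_routed": Connection("203.0.113.10", SHARED_PLATFORM_CERT, "attacker-zone.example.net"),
    # This customer's own zone after switching to its own uploaded certificate.
    "own_zone_custom_cert": Connection("198.51.100.5", CUSTOMER_ZONE_CERT, "shop.example.com"),
}


def evaluate(policy_name: str, conn_name: str) -> bool:
    """Apply one named policy to one named sample connection."""
    return POLICIES[policy_name](SAMPLE_CONNECTIONS[conn_name])


def accepted_by(policy_name: str) -> set:
    """Names of the sample connections a policy lets through."""
    return {name for name in SAMPLE_CONNECTIONS if evaluate(policy_name, name)}


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:13s} accepts: {sorted(accepted_by(name))}")
```

Run as a script, the output shows that both the IP allowlist and the shared-certificate policy accept the connection routed through another tenant's zone, while only the tenant-bound policy rejects it. Note that switching to a customer-specific certificate also means the origin stops accepting the shared one, so the cutover has to be coordinated with the proxy-side configuration.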

Certitude says it reported the issues through Cloudflare’s bug bounty program in March, and that its report was marked as ‘informative’ and closed without a fix. A Cloudflare spokesperson has yet to respond to SecurityWeek’s request for a statement.

Related: Threat Actors Abuse Cloudflare Tunnel for Persistent Access, Data Theft [securityweek.com]

Related: Cloudflare Unveils New Secrets Management Solution [securityweek.com]

Related: Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare [securityweek.com]



from the single-point-of-honeypot dept.

Certitude says it reported the issues through Cloudflare’s bug bounty program in March, and that its report was marked as ‘informative’ and closed without a fix.