Despite the Similarities, This is Not Another Heartbleed.
A new vulnerability is being compared to Heartbleed, the most infamous SSL/TLS vulnerability of all time. The Ticketbleed Vulnerability affects F5’s TLS library. F5 is a major IT company that makes network devices such as load balancers. More than two dozen of its devices are affected, most notably many of its BIG-IP products.
“It is similar in spirit and implications to the well known Heartbleed vulnerability,” writes Filippo Valsorda, who discovered the Ticketbleed vulnerability. However, while Heartbleed was a legitimate internet-wide emergency, Ticketbleed only affects a very small fraction of sites.
Only a few thousand websites have been found to be affected, and F5 has patches available to fix the problem. Netteller.com, an internet banking platform used by smaller banks and credit unions, and Paychex.com, a payroll company, were among notable sites affected by the Ticketbleed Vulnerability.
A dedicated page has been set up that has information on mitigation and a test to confirm if your site is affected by Ticketbleed. If you are using an F5 device, you should check that site and patch your device immediately to mitigate the vulnerability.
How the Ticketbleed Vulnerability Works
Ticketbleed was discovered by Filippo Valsorda, who works on Cloudflare’s cryptography team. Valsorda and a colleague found the problem while troubleshooting an issue affecting a Cloudflare customer and documented the discovery of Ticketbleed on his blog.
Ticketbleed is caused by a bug in how F5’s TLS library handles Session IDs/Tickets. The most important thing to know is that this is not an internet-wide disaster – Ticketbleed only affects websites using a vulnerable F5 device with Session Tickets turned on.
Session IDs and Tickets are an optional feature of TLS that allows for connection resumption between a client and server. If the client has previously connected to that server it can send its Session Ticket in the handshake and pick up where they left off, reducing the time it takes to establish a connection.
F5’s software incorrectly thinks that Session IDs are always 32 bytes, and thus always sends a 32 byte response even if the Session ID is shorter. If the Session ID is shorter, the software needs to fill the gap so that is has 32 bytes to send. It does this by just grabbing the following bytes until it has enough.
The risk if that those following bytes could contain sensitive data – such as session keys, or any other random data if it’s uninitialized memory. An attacker could grab up to 31-bytes of such data by sending the smallest possible session key.
However, there are no proof of concepts showing how to use Ticketbleed to extract specific data. While researching Ticketbleed, Valsorda was only able to grab other session IDs, which is not very concerning. Essentially, this is a vulnerability without an attack.
The bug had not been previously discovered because all major web browsers use 32-byte Session IDs, and therefore F5’s assumption was usually right. However the TLS specification says Session IDs can be smaller. Cloudflare uses software written in the Go programming language, and it’s TLS library uses 16-bit Session IDs.
Not The Next Heartbleed
Heartbleed was such a major bug because of the scope of affected sites and its severity.
Heartbleed was a bug in OpenSSL, the most widely used SSL/TLS library, which affected more than 50% of all websites. A Cloudflare-sponsored challenge showed that Heartbleed could be used to extract a site’s private key, which could be used to decrypt data transmitted to and from that server. That’s just about the worst thing you could steal with a TLS vulnerability.
By comparison, the Ticketbleed Vulnerability is extremely niche. That’s because the bug is specific to F5’s own TLS code. More specifically, the bug is limited to certain F5 devices and they must have turned on the optional Session ID feature. During his investigation, Valsorda scanned the Alexa and Cisco Top 1 Million Sites list and found less than 2,000 sites that were vulnerable.
Valsorda said while “it’s unclear what data might be exfiltrated via [the Ticketbleed] vulnerability,” it is better to be cautious after “Heartbleed and the Cloudflare Heartbleed Challenge taught us not to make assumptions of safety with uninitialized memory.”
It is true that Ticketbleed has the possibility of exposing sensitive information that could compromise HTTPS connection. But there is no attack developed with it, and now that F5 has patched the vulnerability with a hotfix, it is unlikely that someone will develop an attack.
Heartbleed was an all-hands-on-deck disaster. In the wake of its discovery, hundreds of thousands of SSL certificates were re-issued to ensure private keys had not been compromised. Here at The SSL Store, we contacted our entire customer-base to warn them of the risk.
Ticketbleed is tiny in comparison – a bug affecting a specific vendors products that are being primarily used in large enterprises with dedicated IT departments and security staff. For the vast majority of people out there, this is a curiosity, and not a real danger.