Subj : Cloudflare security protections can be bypassed in a surprisingly
To   : All
From : TechnologyDaily
Date : Mon Oct 02 2023 15:15:05

Cloudflare security protections can be bypassed in a surprisingly simple way

Date: Mon, 02 Oct 2023 13:55:31 +0000

Description: All you need is a free Cloudflare account and the victim server's IP address, new analysis shows.

FULL STORY
======================================================================

Cloudflare's Firewall and DDoS prevention tools carry two worrying vulnerabilities that allow threat actors to send malicious traffic their way, or use their servers to reroute malicious traffic elsewhere, experts have claimed.

According to Certitude's researcher Stefan Proksch, the vulnerabilities can be found in Cloudflare's Authenticated Origin Pulls and Allowlist Cloudflare IP Addresses. The former is a security tool that makes sure HTTPS requests sent to an origin server come through Cloudflare, and not from a third party. Cloudflare's Allowlist Cloudflare IP Addresses, on the other hand, is a security feature that makes sure only the traffic coming from Cloudflare's IP addresses reaches the client's origin servers.

Logic flaws

The vulnerabilities leverage logic flaws in cross-tenant security controls, made possible by the fact that Cloudflare uses shared infrastructure accepting connections from all tenants. To abuse the flaws, all a threat actor needs is knowledge of the targeted web server's IP address, and a free Cloudflare account.

As the researcher explained, when configuring the Authenticated Origin Pulls feature, users generate a certificate through Cloudflare, by default. Alternatively, they can upload their own using an API. Now, given that Cloudflare uses a shared certificate for all customers, all connections originating from Cloudflare are fair game:

"An attacker can set up a custom domain with Cloudflare and point the DNS A record to victim's IP address," Proksch said. "The attacker then disables all protection features for that custom domain in their tenant and tunnels their attack(s) through the Cloudflare infrastructure."

"This approach allows attackers to bypass the protection features by the victim."

To mitigate this issue, users should use custom certificates.

As for the Allowlist Cloudflare IP Addresses tool, if an attacker creates a Cloudflare account, points their domain's DNS A record to the victim server's IP address, and turns off all protection features for the custom domain, they can route malicious traffic through Cloudflare's infrastructure. From the victim's side, this traffic will be seen as legitimate.

To define a more specific egress IP address range, dedicated to different clients, users should use Cloudflare Aegis, the researcher suggests.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/cloudflare-security-protections-can-be-bypassed-in-a-surprisingly-simple-way

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
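
The custom-certificate mitigation described in the story, sketched as an origin-side configuration. This is an added example, not taken from the article or from the researcher's write-up. It assumes an nginx origin, and the hostname, file paths and include file are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name app.example.com;                      # placeholder hostname

    # Origin's own server certificate (assumed paths).
    ssl_certificate     /etc/nginx/tls/origin.crt;
    ssl_certificate_key /etc/nginx/tls/origin.key;

    # Require a client certificate on every connection to the origin.
    ssl_verify_client on;

    # WEAK: trusting the certificate Cloudflare shares across all customers.
    # Any tenant's proxied traffic presents it, so this only proves
    # "came through Cloudflare", not "came through my tenant".
    # ssl_client_certificate /etc/nginx/tls/cloudflare-shared-origin-pull.pem;

    # CORRECTED: trust only the CA that issued the custom client
    # certificate uploaded to your own Cloudflare zone via the API.
    # Connections relayed through another tenant cannot present it,
    # so the TLS handshake is rejected before any request is processed.
    ssl_client_certificate /etc/nginx/tls/my-zone-origin-pull-ca.pem;

    # An allowlist of Cloudflare's IP ranges (placeholder include file of
    # "allow <range>;" lines) still blocks direct-to-origin traffic, but as
    # the story notes it cannot tell one Cloudflare tenant from another,
    # so it must not be the only control.
    include /etc/nginx/conf.d/cloudflare-ip-allowlist.inc;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:8080;             # assumed backend
    }
}
```

After switching, a handshake that offers the shared certificate should fail verification, which confirms the origin no longer accepts traffic from other tenants.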