The Ticketbleed vulnerability affects the proprietary F5 BIG-IP appliances’ SSL/TLS stack. Read more about the exposure and what you can do to detect and prevent it below!
Ticketbleed Security Assessment
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ticketbleed (CVE-2016-9244) explained
The Ticketbleed vulnerability (CVE-2016-9244) was discovered by Filippo Valsorda in 2017 while examining a bug report from a customer using an F5 load balancer between their server and the Cloudflare Railgun. This software vulnerability affects the implementation of session tickets in the TLS/SSL stack of F5 appliances, such as a BIG-IP virtual server. It specifically applies to those appliances with the non-default session ticket option enabled.
Session tickets are used during the handshake between client and server. Along with the ClientHello, the client sends a session ticket to the server to resume a previous session rather than negotiate a new one. Along with encrypted key material of a prior connection, the session ticket includes a session ID which the server is supposed to echo back to the client to confirm the ticket’s acceptance and the session’s resumption.
Filippo found that the resumption technique failed because the F5 device assumed that the session ID had to be of a certain length. Session IDs can be between 1 and 31 bytes long, yet the F5 devices would always echo back 32 byte IDs. The F5 server would pad the ID to its maximum length instead of returning the same ID to the client. This would confuse the client and cause a bug.
The problem is that instead of random padding, the server would send unallocated or uninitialized memory in its response. In other words, the server would inadvertently reveal data that could be sensitive.
An attacker could deliberately send a 1-byte session ID to trick the server into returning 31 bytes of memory.
Learn how to detect and prevent different kinds of SSL/TLS vulnerabilities.
What is the impact of Ticketbleed?
The impact of Ticketbleed, while potentially harmful, is limited.
Tests performed by Filippo Valsorda showed that among the Alexa top 1 million websites, 949 were vulnerable to the bug, and among the Cisco Umbrella top 1 million, 1602 were vulnerable. These vulnerable sites replied with unexpected memory.
The severity of this bug is lower than that of the Heartbleed bug. See below for more about the difference between the Ticketbleed and Heartbleed bugs.
What is the difference between Ticketbleed and Heartbleed?
Ticketbleed and the OpenSSL Heartbleed bug are similar in their implications and mechanism. Both expose random and potentially sensitive data through uninitialized memory. However, there are also some significant differences between them.
Heartbleed exposes 64 kilobytes of data per session, whereas Ticketbleed can expose at most 31 bytes. This makes Ticketbleed much slower as many more sessions must be executed until any meaningful amount of data is exposed.
While Heartbleed affected OpenSSL and more than 600,000 addresses, Ticketbleed is limited to F5 TLS/SSL BIG-IP appliances and only those with the non-default session tickets option enabled.
Detect Ticketbleed in your F5 TLS stack
This bug can be detected by monitoring passive traffic since session IDs are unencrypted.
It must be noted that simply monitoring for IDs that are shorter than 32 bytes may result in false positives since, according to the RFC specification, any session ID length between 1-32 bytes is permissible.
Alternatively, you can use the following Go script or the SSL Labs server test.
Prevent the CVE-2016-9244 attack
To prevent Ticketbleed, you must either upgrade the version of your appliance or change its settings.
A complete list of the affected versions of appliances can be found on the F5 website. These are primarily versions 12.0.0 – 12.1.2 and 11.4.0 – 11.6.1. Therefore, if you have a device running a version known to be vulnerable, you must upgrade it to one known to be without the vulnerability.
Some appliances do not have newer versions, so it may not be possible to upgrade to a non-vulnerable version. In this case, you can mitigate the issue by disabling the session ticket option. Though this solves the problem entirely, it introduces performance degradation because sessions cannot be resumed.
To disable session tickets, follow the instructions provided by F5:
- Log in to the Configuration utility
- Go to Local Traffic > Profiles > SSL > Client
- Select the Advanced configuration option
- Uncheck the session ticket box to disable the feature
- Click Update to apply the changes
Disabling session tickets should not have any adverse effects on your system.
What is the Ticketbleed bug?
Ticketbleed, or CVE-2016-9244, is a vulnerability in the TLS/SSL stack of several F5 BIG-IP appliances. Using this vulnerability, attackers can expose up to 31 bytes of unallocated memory, potentially including TLS/SSL session IDs.
How dangerous is Ticketbleed?
Ticketbleed is a limited vulnerability as it applies only to certain F5 appliances. Moreover, since it can expose at most 31 bytes per attempt, capturing enough data requires more time and attempts on attackers. With enough time on their hands, though, attackers can still gain valuable data if they are not stopped.
How does Ticketbleed compare to Heartbleed?
Both bugs similarly expose data. The main differences are that Ticketbleed reveals at most 31 bytes, whereas Heartbleed exposes 64k per attempt, and that Ticketbleed is more limited in scope. At the same time, Heartbleed affected OpenSSL and more than half a million IP addresses.