A vulnerability, colloquially referred to as Ticketbleed, has been discovered in the TLS/SSL stack used by F5 Networks Inc. in their BIG-IP products. This vulnerability affects BIG-IP SSL virtual servers with the non-default Session Ticket option enabled. Very similar to the well-known Heartbleed vulnerability, Ticketbleed allows a remote attacker to extract up to 31 bytes of uninitialized memory per request. This issue could potentially allow an attacker to compromise the private key and other sensitive data stored in memory.
Additional information can be found at:
Immediately apply the workaround to mitigate the vulnerability by disabling the Session Ticket option. Apply any security patches as they become available.
- Log in to the Configuration utility
- Navigate to Local traffic > Profiles > SSL > Client
- Change the option for Configuration from Basic to Advanced
- Uncheck the Session Ticket option to disable the feature
- Click Update to save changes
This vulnerability affects F5’s BIG-IP virtual server component, which is used in a variety of F5 products. A table of vulnerable products and versions can be found at F5’s security bulletin, linked below.
At this time not all releases have upgrades available.
If you would like to test whether your server is vulnerable, you can use the following public tools:
- https://filippo.io/Ticketbleed/ – online testing tool
- https://gist.github.com/jakewarren/61c7139c9377c72e16bc446a0c5de818 – command line tool
This vulnerability is caused by a flaw in the implementation of Session Tickets, which is a resumption technique used to speed up repeated TLS connections.
When a client supplies a Session ID together with a Session Ticket, the server is supposed to echo back the Session ID to acknowledge the acceptance of the ticket.
The F5 stack always echoes back 32 bytes of memory, even if the Session ID was shorter than 32 bytes. Since Session ID values can be anywhere between 1 and 31 bytes in length, an attacker can exploit the vulnerability by providing a 1-byte Session ID value. This causes the server to reply with the 1 byte it was sent followed by 31 bytes of its own memory.
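The check below is an added example, not code from the advisory or from F5, and it is written from the defender's side: given the Session ID a client sent and the ServerHello the server answered with, it parses the ServerHello and reports whether the echoed Session ID is longer than what was sent, which is exactly the over-read described above. The ServerHello records are constructed in the script (a simulated vulnerable reply and a simulated correct reply), so it runs offline; the `resumed` flag stands in for the observation that the handshake skipped the Certificate message, since a server that rejects a ticket legitimately issues a fresh Session ID of its own choosing and must not be flagged. Function names (`build_server_hello`, `parse_server_hello_session_id`, `ticketbleed_indicator`) are this example's own.

```python
import struct

# Constructed TLS 1.2 ServerHello, used only to exercise the parser below.
def build_server_hello(session_id: bytes, cipher_suite: int = 0xC02F) -> bytes:
    """Wrap a minimal ServerHello body in Handshake and Record headers."""
    body = (
        b"\x03\x03"                            # server_version: TLS 1.2
        + bytes(32)                            # server random (zeros; constructed)
        + bytes([len(session_id)]) + session_id
        + struct.pack(">H", cipher_suite)      # chosen cipher suite
        + b"\x00"                              # compression_method: null
    )
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # type 2 = ServerHello
    return b"\x16\x03\x03" + struct.pack(">H", len(handshake)) + handshake


def parse_server_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field of a TLS ServerHello record, validating lengths."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    # body layout: version(2) random(32) session_id_len(1) session_id(0..32) ...
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]
    if sid_len > 32:
        raise ValueError("session_id length exceeds the 32-byte maximum")
    sid = body[35:35 + sid_len]
    if len(sid) != sid_len:
        raise ValueError("truncated session_id")
    return sid


def ticketbleed_indicator(client_session_id: bytes, server_record: bytes, resumed: bool) -> dict:
    """Compare the echoed session_id with what the client sent.

    On a ticket-based resumption a correct server echoes the client's
    session_id unchanged. If the handshake was resumed and the echoed value
    is longer, the extra bytes have no legitimate source: that is the leak.
    A non-resumed handshake may carry any fresh session_id and is ignored.
    """
    echoed = parse_server_hello_session_id(server_record)
    vulnerable = resumed and echoed != client_session_id
    leaked = echoed[len(client_session_id):] if vulnerable and echoed.startswith(client_session_id) else b""
    return {
        "sent_len": len(client_session_id),
        "echoed_len": len(echoed),
        "leaked_bytes": len(leaked),
        "vulnerable": vulnerable,
    }


# Constructed inputs: a 1-byte client Session ID and two simulated server replies.
CLIENT_SID = b"\x01"
LEAKED_MEMORY = bytes(range(0x41, 0x60))                   # 31 stand-in "memory" bytes
VULNERABLE_RECORD = build_server_hello(CLIENT_SID + LEAKED_MEMORY)  # echoes 32 bytes
FIXED_RECORD = build_server_hello(CLIENT_SID)                       # echoes exactly 1 byte
FRESH_SESSION_RECORD = build_server_hello(bytes(range(32)))         # ticket rejected, new ID

if __name__ == "__main__":
    for label, rec, resumed in (("vulnerable", VULNERABLE_RECORD, True),
                                ("fixed", FIXED_RECORD, True),
                                ("ticket rejected", FRESH_SESSION_RECORD, False)):
        print(label, ticketbleed_indicator(CLIENT_SID, rec, resumed))
```

When applied to real traffic, the same comparison is what the public test tools perform: send a short Session ID with a previously issued ticket, confirm the server took the resumption path, and look at the length of the Session ID it echoes. After the Session Ticket option is disabled on the client-ssl profile, tickets are no longer issued, so no resumption reaches the affected code path and the indicator stays false.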
For more details on the discovery of the vulnerability: https://blog.filippo.io/finding-ticketbleed/