If you use Cloudflare to protect your website, it could also be at risk due to this bug

What do attackers actually use to bypass Cloudflare’s DDoS protections? Cloudflare itself. An attacker simply has to create a free account on the platform and use it to carry out the attack.

Cloudflare bug

To exploit this security flaw, attackers need to know the IP address of the target web server. With it, they could take advantage of the vulnerability and carry out DDoS attacks that cause a website to malfunction or even become unavailable.

Behind this discovery is security researcher Stefan Proksch, who belongs to Certitude. He discovered that the problem lies in the strategy Cloudflare uses to accept connections. Two mechanisms are affected: origin authentication and the allowlist of Cloudflare IP addresses.

The first, Authenticated Origin Pulls, is a security feature that this service provides to ensure that HTTP requests really are from Cloudflare and not from another service that is trying to launch a DDoS attack. It uses a certificate to authenticate HTTP requests and thus reject unauthorized ones.

The problem is that, as the security researcher behind this discovery indicates, Cloudflare uses the same certificate for all its clients and not a specific one for each one. An origin that trusts this certificate therefore accepts all connections originating from Cloudflare, whichever customer account they come from. This allows the victim’s protection functions to be bypassed.

Basically, it means that an attacker only needs one Cloudflare account and can direct malicious traffic from there to other Cloudflare customers. The attacker can launch DDoS attacks against a company’s infrastructure.

The second problem affects the list of Cloudflare IP addresses that customers allow. This measure only lets traffic reach the clients’ origin servers if it comes from a Cloudflare address range. But again, the attacker could set up a domain with this service and affect the victim, because the attacker's traffic then arrives from those same ranges.

How to avoid this problem

What can be done to avoid these types of problems? According to Stefan Proksch, the only solution is to use custom certificates and not those generated by Cloudflare. This avoids relying on the shared certificate, which is one of the options an attacker will use to launch these attacks.

They also recommend defining a more specific outbound IP address range, dedicated to each client. It is another measure to limit possible attacks that could leave a website unprotected. You can see the entire Certitude report, where they detail exactly the problem and possible solutions.
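The two recommendations above, sketched as an origin-side nginx configuration with the weak setting beside the hardened one. This is an added example, not taken from the Certitude report or from Cloudflare; the hostnames, file paths, address range and fingerprint are placeholders, and it assumes the matching custom client certificate has been configured in your Cloudflare account for the zone.

```nginx
# Added example. All hostnames, paths, ranges and fingerprints are placeholders.

# WEAK: the origin trusts the CA that is shared by every Cloudflare
# customer, so a request proxied through ANY Cloudflare account presents
# a client certificate that verifies successfully here.
server {
    listen 443 ssl;
    server_name weak.example.com;

    ssl_certificate         /etc/nginx/tls/origin.crt;
    ssl_certificate_key     /etc/nginx/tls/origin.key;

    ssl_client_certificate  /etc/nginx/tls/shared-origin-pull-ca.pem;
    ssl_verify_client       on;
}

# HARDENED: the origin trusts only a CA you control, so only requests
# carrying the custom client certificate issued for your zone pass the
# TLS handshake.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate         /etc/nginx/tls/origin.crt;
    ssl_certificate_key     /etc/nginx/tls/origin.key;

    ssl_client_certificate  /etc/nginx/tls/custom-origin-pull-ca.pem;
    ssl_verify_client       on;
    ssl_verify_depth        1;

    # Optional pin on the exact client certificate (SHA-1, lowercase hex).
    if ($ssl_client_fingerprint != "0000000000000000000000000000000000000000") {
        return 403;
    }

    # Second layer: accept only the egress range dedicated to your account
    # (documentation range shown as a placeholder), not every shared range.
    allow 198.51.100.0/28;
    deny  all;
}
```

After reloading, a request sent without the custom client certificate should fail the handshake or receive an error response instead of reaching the application.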

In short, Cloudflare serves to protect a website, but attackers could use the service itself to launch DDoS attacks, a problem that can put the operation of many websites at risk. There are many computer attacks every day, so it is essential to take measures to avoid them.
