Cloudflare DDoS protections bypassed using Cloudflare flaw [PoC]

I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Content source
https://www.bleepingcomputer.com/news/security/cloudflare-ddos-protections-ironically-bypassed-using-cloudflare/
Cloudflare vs Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. To make matters worse, the only requirement for the attack is for the hackers to create a free Cloudflare account, which is used as part of the attack.

[...]
Click to expand...
Researchers Florian Schweitzer and Stefan Proksch, who discovered the logic flaws, reported it to Cloudflare via HackerOne on March 16, 2023, but the issue was closed as "informative."

BleepingComputer has contacted Cloudflare to ask if there are any plans to implement additional protection mechanisms or warn clients with potentially risky configurations, but we have yet to hear back.
Click to expand...
 
  • Wow
  • Like
Reactions: Vasudev, ForgottenSeer 100397, Trident and 5 others
Numeriku

Numeriku

Level 2
Verified
Mar 13, 2022
65
This flaw is only worrying if your server IP is leaked, if you secure your website properly with good coding and emails hosted elsewhere, the bypass won't work, most people are using Cloudflare for the proxy/hiding your server IP, if your server IP is leaked what would be the point of using Cloudflare.
 
  • Like
Reactions: Vasudev and ForgottenSeer 100397
SumTingWong

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
Numeriku said:
This flaw is only worrying if your server IP is leaked, if you secure your website properly with good coding and emails hosted elsewhere, the bypass won't work, most people are using Cloudflare for the proxy/hiding your server IP, if your server IP is leaked what would be the point of using Cloudflare.
Click to expand...
What about public cloudflare 1.1.1.1 dns?
 
  • Like
Reactions: Numeriku, bjm_, Vasudev and 1 other person
V

Vasudev

Level 33
Verified
Nov 8, 2014
2,247
My TPLink router has been acting up for few weeks when I add 1.1.1.1 and now it accepted 1.0.0.2. Should I revert to some other DNS?
 
Numeriku

Numeriku

Level 2
Verified
Mar 13, 2022
65
SumTingWong said:
What about public cloudflare 1.1.1.1 dns?
Click to expand...
Not affected, this is related to authenticated origin pulls and the way Cloudflare handles accounts, if an attacker knows your origin IP, it can act as your origin to bypass the protection that Cloudflare offers.
 
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • +Reputation
Security News Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Replies
0
Views
1,581
Security News
CyberTech
CyberTech
silversurfer
    • Like
    • +Reputation
Cloudflare blocks record-breaking 71 million RPS DDoS attack
Replies
0
Views
537
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Wow
    • Like
Cloudflare mitigates record-breaking HTTPS DDoS attack
Replies
0
Views
729
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top