F5 TLS Session Ticket Implementation Remote Memory Disclosure (Ticketbleed) (uncredentialed check)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by an information disclosure
vulnerability.

Description :

Based on its response to a resumed TLS connection, the remote
service appears to be affected by an information disclosure
vulnerability, known as Ticketbleed, in the TLS Session Ticket
implementation. The issue is due to the server incorrectly echoing
back 32 bytes of memory, even if the Session ID was shorter. By
providing a 1-byte Session ID, a remote attacker can exploit this
vulnerability to disclose up to 31 bytes of uninitialized memory,
which may contain sensitive information such as private keys and
passwords.

Note that this vulnerability is only exploitable if the non-default
Session Tickets option is enabled.
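
The response-side comparison that a check like this relies on, as an added Python example (not Tenable's plugin code): it parses the ServerHello of a ticket-resumed handshake and reports whether the echoed Session ID is longer than the one the client sent. The function names and the sample records are constructed for illustration.

```python
import struct

def server_hello_session_id(record: bytes) -> bytes:
    """Return the session_id field from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # server_version (2) and random (32) precede the 1-byte session_id length
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    sid = hello[35:35 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("malformed session_id")
    return sid

def echoes_extra_bytes(sent_sid: bytes, record: bytes) -> bool:
    """True when the echoed session_id starts with sent_sid but is longer.

    Assumes `record` answers a ClientHello that carried a session ticket
    and the non-empty Session ID `sent_sid`; a correct server echoes that
    Session ID unchanged when it accepts the ticket.
    """
    if not sent_sid:
        return False  # nothing to compare: the server may assign its own ID
    got = server_hello_session_id(record)
    return len(got) > len(sent_sid) and got.startswith(sent_sid)

def build_server_hello(sid: bytes) -> bytes:
    """Constructed sample ServerHello record for the demo, not captured traffic."""
    hello = b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid + b"\xc0\x2f\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    sent = b"\xa5"  # constructed 1-byte Session ID
    correct = build_server_hello(sent)
    padded = build_server_hello(sent + bytes(range(1, 32)))  # 31 filler bytes
    print(echoes_extra_bytes(sent, correct), echoes_extra_bytes(sent, padded))
```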

See also :

http://ticketbleed.com/
https://blog.filippo.io/finding-ticketbleed/
https://support.f5.com/csp/article/K05121675

Solution :

Upgrade to a fixed version according to the vendor advisory
(K05121675). Alternatively, disable the Session Ticket option on the
affected Client SSL profile.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: General

Nessus Plugin ID: 97191

Bugtraq ID:

CVE ID: CVE-2016-9244
