
"Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover. FearsOff security researchers reported the bug in October through Cloudflare's bug bounty program, and the CDN says it has patched the vulnerability in its ACME (Automatic Certificate Management Environment) validation logic with no action required from its customers."
"ACME is a protocol that certificate authorities and services like Cloudflare use to automate the issuance, renewal, and revocation of SSL/TLS certificates."
Cloudflare fixed a WAF flaw that permitted attackers to bypass security rules and directly access origin servers, creating risk of data theft or complete server takeover. FearsOff security researchers reported the vulnerability in October through Cloudflare's bug bounty program. Cloudflare patched the issue in the ACME validation logic used to automate certificate management and stated no customer action was required. ACME handles automated issuance, renewal, and revocation of SSL/TLS certificates for certificate authorities and CDNs. The patched validation logic prevents malicious requests from reaching origin servers through WAF bypasses and restores intended protection.
Read at DataBreaches.Net