Ticketbleed is a vulnerability in the implementation of session tickets. It is a major vulnerability that allows an attacker to retrieve up to 31 bytes of the server’s process memory. The leaked memory might include sensitive information such as private keys, user credentials and more. When a session ticket is issued, clients are expected to submit a session ID to the server when they present their ticket. In this attack, the client does not submit a genuine session ID and instead submits an arbitrary string of 1 to 32 bytes. The vulnerability was found when F5 had a software bug that always responded with 32 bytes of data, even if the client submitted fewer bytes. An attacker can send a 1-byte session ID to receive 31 bytes of uninitialized memory.
The Ticketbleed attack is similar to the Heartbleed attack. The difference is that Ticketbleed exposes 32 bytes of memory, while Heartbleed exposes 64k bytes.
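The length mismatch described above is what a defender checks for. The following added example (not from the original page or from F5) parses a TLS 1.2 ServerHello and compares the echoed session ID with the one sent alongside the ticket; the function names and the sample messages are constructed for illustration.

```python
SERVER_HELLO = 0x02  # TLS handshake message type

def echoed_session_id(msg: bytes) -> bytes:
    """Extract session_id from a TLS 1.2 ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    # Layout: version(2) | random(32) | sid_len(1) | sid | cipher(2) | compression(1)
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len + 3:
        raise ValueError("malformed session_id field")
    return body[35:35 + sid_len]

def classify_echo(sent_sid: bytes, server_hello: bytes) -> tuple:
    """Compare the session ID sent with a ticket against the one echoed back.

    Returns (verdict, extra_bytes). extra_bytes counts the bytes the server
    appended beyond what the client sent; their contents are never returned.
    """
    echoed = echoed_session_id(server_hello)
    if echoed == sent_sid:
        return ("ok", 0)  # correct behaviour: same length, same bytes
    # Buggy behaviour: the reply is padded out to 32 bytes.
    if sent_sid and len(sent_sid) < 32 and len(echoed) == 32 \
            and echoed.startswith(sent_sid):
        return ("ticketbleed", 32 - len(sent_sid))
    return ("not-resumed", 0)  # server issued its own ID or none at all

def build_server_hello(sid: bytes) -> bytes:
    """Constructed sample: minimal ServerHello carrying the given session_id."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
            + b"\xc0\x2f" + b"\x00")
    return bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    sent = b"\xa5"  # 1-byte session ID, as in the text
    print(classify_echo(sent, build_server_hello(sent)))
    print(classify_echo(sent, build_server_hello(sent + bytes(31))))
    print(classify_echo(sent, build_server_hello(bytes(32))))
```

With a 1-byte session ID, a fresh server-generated ID can share the first byte by chance, so a single "ticketbleed" verdict should be confirmed by repeating the comparison.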
The impact includes:-
Beagle recommends the following fixes:-