The Cloudflare mTLS vulnerability - A Deep Dive Analysis

Cloudflare released a blog post detailing a vulnerability that had been in their system for nearly two years. It is related to mTLS (mutual TLS), specifically client certificate revocation. I explore this in detail.

0:00 Intro
3:00 The Vulnerability
7:00 What happened?
8:50 Certificate Revocation
12:30 Rejecting certain endpoints
17:00 Certificate Authentication
20:30 Certificate serial number
24:00 Session Resumption (PSK)
35:00 The bug
37:00 How they addressed the problem
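The chapter list above walks through certificate revocation, serial numbers and session resumption (PSK) before getting to the bug. As an added illustration (not code from the video and not Cloudflare's implementation; the page says nothing about how Cloudflare's internals actually looked), the following Python model shows why those pieces belong together: a server that validates the client certificate only during the full handshake and then trusts the identity cached in a resumption ticket keeps accepting a certificate after it has been revoked, until the ticket expires, whereas re-checking the cached serial number against the revocation list on every resumption closes that window. The class and function names, the 30-minute ticket lifetime and the constructed timeline are all assumptions.

```python
"""Toy model of how TLS session resumption (session tickets / PSK) interacts
with client-certificate revocation under mTLS.

Added illustration only: not Cloudflare's code and not a claim about their
internals. Names, the ticket lifetime and the timeline are assumptions.
"""
from dataclasses import dataclass, field
import secrets


@dataclass(frozen=True)
class ClientCert:
    serial: int       # serial number, unique per issuing CA; CRLs list these
    subject: str
    not_after: float  # expiry as seconds since epoch


@dataclass
class RevocationList:
    """Stand-in for a CRL: revoked certificates identified by serial number."""
    revoked: set = field(default_factory=set)

    def revoke(self, serial: int) -> None:
        self.revoked.add(serial)

    def is_revoked(self, serial: int) -> bool:
        return serial in self.revoked


@dataclass
class ResumptionState:
    """What the server keeps from the full handshake (inside an encrypted
    ticket or a PSK cache): the authenticated identity and when it was set."""
    serial: int
    subject: str
    established_at: float


class MtlsServer:
    def __init__(self, crl: RevocationList, ticket_lifetime: float = 1800.0,
                 recheck_on_resume: bool = True) -> None:
        self.crl = crl
        self.ticket_lifetime = ticket_lifetime
        self.recheck_on_resume = recheck_on_resume
        self.tickets: dict[bytes, ResumptionState] = {}  # ticket id -> state

    def full_handshake(self, cert: ClientCert, now: float):
        """Full mTLS handshake: validate the client certificate, then hand out
        a resumption ticket. Returns (accepted, ticket)."""
        if now > cert.not_after or self.crl.is_revoked(cert.serial):
            return False, None
        ticket = secrets.token_bytes(16)
        self.tickets[ticket] = ResumptionState(cert.serial, cert.subject, now)
        return True, ticket

    def resume(self, ticket: bytes, now: float) -> bool:
        """Abbreviated handshake: no certificate is sent, the identity comes
        from the ticket. Whether revocation is re-checked here is the point."""
        state = self.tickets.get(ticket)
        if state is None:
            return False
        if now - state.established_at > self.ticket_lifetime:
            del self.tickets[ticket]
            return False
        # Weak variant: trust the cached identity and skip the CRL entirely.
        # Hardened variant: look the cached serial up in the CRL again.
        if self.recheck_on_resume and self.crl.is_revoked(state.serial):
            del self.tickets[ticket]  # identity no longer valid; drop the ticket
            return False
        return True


def scenario(recheck_on_resume: bool) -> dict:
    """Constructed timeline: the cert is accepted, then revoked; the client
    resumes 10 minutes later (inside the ticket lifetime) and again 33 minutes
    later (outside it), then tries a full handshake once more."""
    crl = RevocationList()
    server = MtlsServer(crl, ticket_lifetime=1800.0,
                        recheck_on_resume=recheck_on_resume)
    cert = ClientCert(serial=0x1A2B3C, subject="CN=device-42",
                      not_after=2_000_000.0)

    accepted, ticket = server.full_handshake(cert, now=1_000_000.0)
    crl.revoke(cert.serial)                                        # operator revokes it
    resumed_after_revoke = server.resume(ticket, now=1_000_600.0)  # +10 min
    resumed_after_expiry = server.resume(ticket, now=1_002_000.0)  # +33 min
    full_after_revoke, _ = server.full_handshake(cert, now=1_002_000.0)
    return {
        "initial_accepted": accepted,
        "resumed_after_revoke": resumed_after_revoke,
        "resumed_after_ticket_expiry": resumed_after_expiry,
        "full_handshake_after_revoke": full_after_revoke,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("recheck_on_resume =", mode, scenario(mode))
```

With `recheck_on_resume=False` the revoked certificate keeps working for as long as the ticket lives, because no certificate is ever presented again on the resumption path; only a full handshake consults the revocation list. The check a practitioner wants is the one in the hardened branch: key the revocation lookup on the serial number you cached at the full handshake, and drop the ticket the moment it fails.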

Stay Awesome,
Hussein
Comments

Hussein Bro, your dedication to sharing valuable knowledge and insights on your channel is truly remarkable - you are a vast ocean of knowledge and an inspiration to many! Love you bro...

zakstev

The cost of visiting Disneyland is out of hand. Even if you arrive at the gate before the park opens, it can take 1 800 000 ms just to verify your certificate.

catcatcatcatcatcatcatcatcatca

It's great that Cloudflare wasn't able to detect any exploitation when they found this vulnerability. Makes you think, with the mass layoffs that are currently happening in big tech, what are the possibilities that an engineer whose responsibility it was to find things like this didn't have the opportunity to?

CodingWithLewis

Viscerally easy to imagine the original design conversation at Cloudflare between the Product Manager and the Security Engineer:

Product Manager: Wah, wahh, wahh, wahh, ... customer demands feature ... wah, wah, wahhhh, wah, wah.
Security Engineer: But, but ... mTLS doesn't work like that!
Product manager:

toddbeets

Interesting! Thank you so much, Hussein!

HarshKapadia

I thought I understood this, but I can’t figure out how the vulnerability works on the most basic level.

I suppose I am just missing some crucial detail here, which causes the confusion. But based on the video I understood that checking the validity of the certificate was not the responsibility of this edge service: passing it forward in the HTTP header was.

If the certificate was expected to be checked before, that would mean one couldn't handle it with a firewall rule, as this header was meant to be used by the firewall. So I ruled that out, as it would defeat the whole point of the system.

If the check is done after this point, I can't see why an empty header would be evaluated as if it were a valid client certificate.

As I understood it, the intended behaviour would have been the exact same, except the header would contain an invalid certificate instead of nothing. Which is why I don’t see the explained step, even when working correctly, checking anything at all.

catcatcatcatcatcatcatcatcatca

Can you please make a detailed video about how ZERO-TIER exactly works? How UDP hole punching, SDWAN and VPN all work together in Zero-Tier. I didn't find any detailed video explaining the architecture behind it. Thanks

sgsudhir_

"That Root certificate is self-signed because who God is going to assign certificates now?" LMAO

Rex-Daemon

Theory.. No Implementation or Example...

KhanSaysOfficial