Last updated on: November 3, 2022
Ticketbleed is a recently disclosed vulnerability in some F5 load balancers. This problems allows attackers to retrieve up to 31 bytes of process memory, which could potentially include sensitive data (for example private keys). It is similar in nature to Heartbleed (a vulnerability in OpenSSL from 2014), but less severe because much less data can be extracted.
Update (7 April 2017): Ticketbleed detection is now available on SSL Labs production servers.
At the core, the vulnerability is simple. When session tickets are used, clients are expected to submit a session ID to the server when they present their ticket. In this particular use cases, clients decide on the session ID and are allowed to submit an arbitrary string containing from one to 32 bytes. At the same time, F5 devices had a software bug that always responded with 32 bytes of data, even if fewer bytes were submitted by the client. Thus, if a client submits only one byte as the session ticket ID, it will get back 31 bytes of uninitialised memory from the server.
SSL Labs will add Ticketbleed detection in the next release, scheduled to be deployed
tomorrow soon. We will update this blog post afterwards. Because this is a vulnerability, we will fail servers that are discovered with the problem.