Student Albert Pedersen discovers powerful Cloudflare email bug

November 2, 2019 San Francisco / CA / USA - Exterior view of Cloudflare headquarters; Cloudflare, Inc. is an American network infrastructure and website security company

November 2, 2019 San Francisco / CA / USA – Exterior view of Cloudflare headquarters; Cloudflare, Inc. is an American network infrastructure and website security company
photo: sundry photography (Shutterstock)

Last year, IT company Cloudflare roll out An email routing service that enables users to set up a large number of addresses connected to the same inbox.Email routing can be a powerful Privacy Tools, as it allows you to hide your actual email address behind a network of temporary or “burnable” addresses.Unfortunately, as in Research Posted on Wednesday by a college student in Denmark, Cloudflare has a huge bug in its service. If exploited properly, the vulnerability could allow any user to read or even manipulate other users’ emails.

Albert Pedersen, currently a student at Skive College in Midtjylland, wrote that he discovered the invasive bug back in a write up Posting to his website, Pedersen explained that the vulnerability would allow hackers to “modify the routing configuration of any domain that uses the service.”

“I’m curious and like to poke things up to see if they break. I want to help keep the internet safe,” Pedersen told Gizmodo in a direct message. “I’ve always been interested in all things computing and IT. I found and reported my first bug last April, and I’ve spent a lot of time hunting for bugs since then.”

Cloudflare’s Vulnerability confirmed But it said it was never exploited, involving a flaw in the program’s “zone ownership verification” system, which meant it was possible for hackers to reconfigure email routing and forwarding for email domains that didn’t belong to them. Appropriate manipulation of the vulnerability would allow anyone with knowledge of the vulnerability to reroute any user’s email to their own address. It also allows hackers to completely block certain emails from being sent to the target.

In his article, Pedersen points out that it’s not difficult to find an online list of email addresses that come with Cloudflare’s services. Using one of these lists, bad guys can easily target anyone using a forwarding service.

After discovering the vulnerability, Pedersen managed to reproduce it multiple times using multiple personal domains and decided to report the issue to Cloudflare’s bug bounty program. The program eventually awarded a total of $6,000 for his efforts. Pedersen also said that his blog is published under a license from Cloudflare.

In an email to Gizmodo, a company representative reiterated that the vulnerability was fixed as soon as it was discovered: “As summarized in the researcher’s blog, the vulnerability was disclosed through our bug bounty program. We then resolved the issue. , and confirmed that the vulnerability was not exploited.”

It’s not a good thing because if the hacker Have Armed with this exploit, they could cause some real inbox damage. In his article, Pedersen noted that cybercriminals may have used the vulnerability to reset passwords, which would compromise other accounts associated with the exploited email addresses:

“Not only is this a huge privacy concern, but since password reset links are often sent to a user’s email address, bad actors could also take control of any account associated with that email address. This is a great example of , explains why you should use 2-factor authentication,” he wrote.

the truth! Use Two-Factor Authentication! It just goes to show: We need as many nerds as possible watching the internet because you never know when something that sounds great is actually a giant security disaster waiting to happen.

Source link