| ||||||||||||||||||||||||
A critical zero-day vulnerability in Cloudflare's Web Application Firewall (WAF)allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path.
Security researchers from FearsOff discovered that requests targeting the /.well-known/acme-challenge/ directory could reach origins even when customer-configured WAF rules explicitly blocked all other traffic.
The Automatic Certificate Management Environment (ACME) protocol automates SSL/TLS certificate validation by requiring Certificate Authorities (CAs) to verify domain ownership.
No comments:
Post a Comment