๐ Cloudflare Public Bug Bounty: Using special IPv4-mapped IPv6 addresses to bypass local IP ban
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
By using IPv4-mapped IPv6 addresses there was a way to bypass Cloudflare server's network protections and start connections to ports on the loopback (127.0.0.1) or internal IP addresses (such as 10.0.0.1). The bug was caused by the way a Go library interprets mapped IP addresses and how our code was checking for banned IPs. The code was fixed and now checks both IPv4 and IPv6 properly. Cloudflare has checks in place to block requests destined for banned IP addresses like local and reserved IP ranges. It was possible to bypass these restrictions using proxied AAAA records containing IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1 and ::ffff:10.0.0.1). This made it possible to access HTTP services listening on the loopback interface of the edge server handling the request, as well as the internal IP addresses of other hosts on the local... ...