Reverse proxy and load balancer TRAEFIK has a vulnerability that leaks TLS certificates

Developed by a French software company, TRAEFIK is a well-known load balancer that many companies deploy in server clusters to control traffic.

However, a vulnerability (CVE-2018-15598) exposes deployed digital certificates, and an attacker could exploit it to obtain a copy of a certificate's private key directly.

The disclosure of a private key means the certificate is no longer secure, because with the private key an attacker can directly build a phishing website under the legitimate certificate or even hijack users' connections.

Fortunately, it was a white hat hacker who discovered the vulnerability and reported it to the developer in time. The latest version of TRAEFIK has fixed the vulnerability.


The vulnerability is in the TRAEFIK API interface:

TRAEFIK has a control panel to help users configure it more efficiently, as well as an open API that users can call for custom development.

However, a vulnerability exists in that interface that allows an attacker to query the digital certificate configuration directly and then copy the certificate, completing the theft of the digital certificate.

Of course, the precondition is that the TRAEFIK panel has been exposed on the public Internet. If public network access is not configured, a hacker cannot reach the interface directly.

A copied certificate has many uses; for example, an attacker can build a phishing website identical to the official one to induce users to enter their account passwords, which are then stolen.

It is also possible to perform a man-in-the-middle attack to decrypt the communication between the user and the server, so once a digital certificate's private key is leaked, there is no security left.

The latest version of TRAEFIK fixes the vulnerability:

The developer has now released a new version of TRAEFIK that fixes the vulnerability, so companies using the software only need to upgrade to the latest version.

At the same time, the developer has added a more eye-catching hint to the control panel configuration options: enabling the API exposes all configuration information, including digital certificates.

Developers who must use this feature can set up authentication and authorisation protection, so that hackers or other unauthorised parties cannot access the panel directly.

It is also recommended that companies using the TRAEFIK API check their configuration as soon as possible and close API access immediately, until the upgrade and authentication have been completed.
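As an added illustration (not from the article or the Traefik project), here is a Traefik 1.x TOML fragment that applies the advice above: the API entrypoint is bound only to a local address and protected by HTTP basic auth, with comments marking the exposed settings it replaces. The port, user name and password hash are placeholders.

```toml
# traefik.toml (hardened API entrypoint) - added example, Traefik 1.x syntax.
# Comments marked EXPOSED describe the weak setting this replaces.

[entryPoints]
  [entryPoints.traefik]
  # EXPOSED: address = ":8080" listens on every interface, so anyone who can
  # reach the host on port 8080 can query the API and dashboard.
  # Bind to loopback (or a management-network address), never a public one.
  address = "127.0.0.1:8080"

    # EXPOSED: no [entryPoints.traefik.auth] block at all, so the API answered
    # every request without credentials.
    [entryPoints.traefik.auth]
      [entryPoints.traefik.auth.basic]
      # One entry per "user:hash"; generate the hash with htpasswd.
      # Placeholder value below, replace with real htpasswd output.
      users = ["admin:$apr1$REPLACE$WITH_HTPASSWD_OUTPUT"]

[api]
  # Serve the API and dashboard only on the protected entrypoint above.
  entryPoint = "traefik"
  dashboard = true
```

If the API is not actually needed, removing the `[api]` section entirely (the article's "close the API access") is the simpler and safer choice.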

Via: bleepingcomputer