Security News > 2021 > April > F5 Big-IP Vulnerable to Security-Bypass Bug
F5 Networks' Big-IP Application Delivery Services appliance contains a Key Distribution Center (KDC) spoofing vulnerability, researchers disclosed, which an attacker could use to get past the security measures that protect sensitive workloads.
In some cases, the bug can be used to bypass authentication to the Big-IP admin console as well, they added.
"Perhaps because requiring it complicates configuration requirements. However, if the KDC does not authenticate to the server, the security of the protocol is entirely compromised, allowing an attacker that hijacked network traffic to authenticate to Big-IP with any password, even an invalid one."
"BIG-IP APM AD authentication can be bypassed using a spoofed AS-REP response sent over a hijacked KDC connection, or from an AD server compromised by an attacker," the advisory read. However, initial access may not be that difficult: In March, four critical remote code-execution flaws in F5's BIG-IP and BIG-IQ enterprise networking infrastructure came to light that could allow attackers to take full control over a vulnerable system.
In any event, Silverfort laid out the steps an attacker can take to spoof a DC to bypass this kind of authentication, assuming the ability to hijack the network communication between Big-IP and the DC. "We simulated an attack by redirecting the traffic between Big-IP and the KDC on port 88 to our own Windows Server," they explained.
"An APM access policy can also be configured for BIG-IP system authentication. A spoofed credential related to this vulnerability for an administrative user through the APM access policy results in local administrative access."
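The point quoted above, that an AS-REP alone does not authenticate the KDC to the server, can be modelled in a few lines. This is an added example, not code from F5, Silverfort or the original article. The HMAC-based seal is a toy stand-in for Kerberos encryption, and ToyKDC, the SPN, the account name and the passwords are constructed assumptions; the hardened path follows the standard Kerberos practice of validating a service ticket against the server's own keytab key.

```python
import hashlib, hmac, os

SPN = "HTTP/bigip.example.test"  # constructed service name (assumption)

def derive_key(secret: str) -> bytes:
    # Stand-in for Kerberos string-to-key, not the real algorithm.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), b"EXAMPLE.TEST", 1000)

def seal(key: bytes, payload: bytes) -> bytes:
    # Toy substitute for Kerberos encryption: only a key holder can produce a valid blob.
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def unseal(key: bytes, blob: bytes):
    tag, payload = blob[:32], blob[32:]
    good = hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())
    return payload if good else None

class ToyKDC:
    def __init__(self, passwords, service_keys):
        self.user_keys = {u: derive_key(p) for u, p in passwords.items()}
        self.service_keys = service_keys

    def as_rep(self, user, nonce):
        key = self.user_keys.get(user)
        return seal(key, nonce) if key else None

    def service_ticket(self, user, spn):
        key = self.service_keys.get(spn)
        return seal(key, user.encode()) if key else None

def login_as_rep_only(kdc, user, password):
    # Weak check: trusts any KDC whose reply decrypts with the typed password.
    nonce = os.urandom(16)
    rep = kdc.as_rep(user, nonce)
    return rep is not None and unseal(derive_key(password), rep) == nonce

def login_with_ticket_check(kdc, user, password, keytab_key):
    # Hardened check: the KDC must also issue a ticket for the server's own SPN
    # that decrypts with the key held in the server's keytab.
    if not login_as_rep_only(kdc, user, password):
        return False
    ticket = kdc.service_ticket(user, SPN)
    return ticket is not None and unseal(keytab_key, ticket) == user.encode()

KEYTAB_KEY = os.urandom(32)  # known only to the genuine KDC and the server
GENUINE = ToyKDC({"admin": "correct horse"}, {SPN: KEYTAB_KEY})
# A KDC that lacks the keytab key; it sets its own password and service key.
UNTRUSTED = ToyKDC({"admin": "not-the-real-password"}, {SPN: os.urandom(32)})
```

Against UNTRUSTED, the AS-REP-only check accepts a password the genuine directory never held, while the ticket check rejects it because the ticket cannot be decrypted with the keytab key.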