Cloudflare DDoS protections ironically bypassed using Cloudflare


Cloudflare’s Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.

This bypass could put Cloudflare’s customers under a heavy burden, rendering the protection systems of the internet firm less effective.

To make matters worse, the only requirement for the attack is for the hackers to create a free Cloudflare account, which is used as part of the attack.

However, it should be noted that the attackers must know a targeted web server’s IP address to abuse these flaws.

Read more…