Akamai Technologies : Black Hat Presentation - Web Cache Entanglement

08/05/2020 | 02:32pm EDT

Overview

Akamai is aware of the 'Web Cache Entanglement: Novel Pathways to Poisoning' presentation at Black Hat on August 5, 2020. Two security vulnerabilities related to our content delivery networks' caching functionality were presented as part of this research. Akamai would like to thank James Kettle for disclosing these vulnerabilities to Akamai in advance of his presentation.

Web cache attacks, in any form including cache poisoning or deception, can be triggered against any web cache (either CDN or centralized caching proxy) where the origin and cache disagree about cacheability. These attack types potentially allow an attacker to influence the content served by the cache. This research discloses two separate, related vulnerabilities, each of which has been or is being mitigated by our technical teams.

Technical Details

The Akamai content delivery network uses unique identifiers called 'Cache Keys' when adding or retrieving content in Akamai's cache. The two security vulnerabilities are related to the way these keys are generated and used.

Vulnerability 1: Transform Cache Poisoning

Certain Akamai products manipulate the cache key to indicate content has been transformed; for example, when using Front End Optimization (FEO) or injecting JavaScript for our mPulse product. An adversary could craft a request that could interfere with product function by manipulating these keys.

This vulnerability allows the creation of a cache key collision involving content that is generated and cached automatically as part of Akamai product features. This creates a method to interfere with the proper functioning of caching services but does not allow attackers to control the content served. Mitigation for this attack has been deployed, and no customer action is required to enable protections.

Vulnerability 2: Flexible Cache Key Collisions

Akamai uses flexible cache keys as a feature to give customers the ability to cache multiple objects under a single base path by making changes in their configurations. These values are concatenated into a string that is used to reference the full cache key for the object. These features are used by a subset of Akamai customers, and this vulnerability does not apply to the majority of Akamai customers.

This vulnerability was introduced due to a character encoding issue that happens when the string is generated. This issue allows an attacker to trick an Akamai server into caching two different requests to the origin under the same cache key.

This vulnerability only applies to a subset of objects cached with a flexible cache key. The practical impact of this vulnerability is directly related to the behavior at the origin servers. The vulnerability can increase the severity of some attacks, such as Reflected XSS and other attacks that rely on responses based on input without sanitization. Alternatively, the vulnerability could be used to pollute the cache, making the site unstable and unusable for visitors.

Akamai is in the process of carefully orchestrating an update to mitigate this second vulnerability. The mitigation for this vulnerability changes the way these keys are generated to prevent an attacker from 'forging' a cache key via a specially crafted request. This change will force some requests to go forward to origin and repopulate the cache using the new cache key format over time. Akamai anticipates these changes will have minimal impact on most customers but is monitoring the effect of changes closely.
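The class of problem described above, where key components are concatenated into one string without consistent encoding, can be shown with a small model. This is an added example, not Akamai code: the `|` separator, the `name=value` layout, the function names and the sample requests are all assumptions made for illustration, since the advisory does not describe the real key format.

```python
from urllib.parse import quote

DELIM = "|"  # hypothetical separator; the real key format is not given on the page

def naive_key(path, components):
    """Concatenate fields verbatim: a delimiter inside a value becomes ambiguous."""
    return DELIM.join([path] + [f"{k}={v}" for k, v in components])

def hardened_key(path, components):
    """Percent-encode every field so no value can contain '|', '=' or a raw '%'."""
    enc = lambda s: quote(s, safe="")
    return DELIM.join([enc(path)] + [f"{enc(k)}={enc(v)}" for k, v in components])

def find_collisions(requests, key_fn):
    """Group distinct requests by cache key; return keys shared by more than one."""
    buckets = {}
    for req in requests:
        buckets.setdefault(key_fn(*req), set()).add(repr(req))
    return {k: v for k, v in buckets.items() if len(v) > 1}

# Constructed sample requests: (path, [(component name, value), ...])
SAMPLE = [
    ("/product", [("lang", "en"), ("device", "mobile")]),
    ("/product", [("lang", "en|device=mobile")]),  # one value shaped like two fields
    ("/product", [("lang", "fr"), ("device", "mobile")]),
]

if __name__ == "__main__":
    for name, fn in (("naive", naive_key), ("hardened", hardened_key)):
        hits = find_collisions(SAMPLE, fn)
        print(f"{name}: {len(hits)} colliding key(s)")
        for key, reqs in hits.items():
            print("  ", key, "<-", sorted(reqs))
```

Running the same collision check over a new key format before rollout is a cheap regression test: an encoding that is injective per field cannot map two different component lists to one key.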

Recommendations

No action is needed by Akamai customers in response to the transform cache poisoning vulnerability. The change to address the flexible cache key collision vulnerability is currently being deployed, and no action by customers is necessary. For more information on both issues, please contact your customer service representative.

Akamai is committed to making continuous improvements to make our systems more resilient and secure. We would like to once again thank James Kettle for his effort to make us aware of these vulnerabilities and for the opportunity to fix them before his public presentation.

Disclaimer

Akamai Technologies Inc. published this content on 05 August 2020 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 05 August 2020 18:31:12 UTC

