Cloudflare's #Cloudbleed HTTPS Traffic Leak

View previous topic View next topic Go down

Cloudflare's #Cloudbleed HTTPS Traffic Leak

Post  Paper Shadow on Fri Feb 24, 2017 10:12 am

Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was trigerred the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using CloudFare's proxy services (including HTTP & HTTPS proxy).

"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k paged with private data leaked every day"
Source - https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

I mention this here because there are a lot of sites that this vulnerablity affects, including Forumotion. Consider changing your passwords on any site that uses Cloudflare, which is a lot. For me, that included Forumotion, Discord, Reddit, and to be on the safe side, an old unused Newgrounds account...

_________________
Ellipses are kinda my thing...

Based Emotion Chart:
avatar
Paper Shadow
Smile Like You Mean It
Smile Like You Mean It

Posts : 3696
Join date : 2012-11-23
Age : 23

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum