Author Topic: CloudBleed: Sensitive data leakage from CloudFlare  (Read 1054 times)


Kiloku
CloudBleed: Sensitive data leakage from CloudFlare
Sites using CloudFlare might accidentally have had private content sent in pages meant for other users. This sensitive data would not be visible to the layperson, but hidden in the generated source for the page they're accessing. This data might include queries, passwords, Auth tokens, and even page snapshots. Furthermore: Any crawler that caches content (such as search engines and private malicious crawlers) has many snapshots of such data. The biggest search engine companies have worked together with CloudFlare to remove the sensitive data from their caches, but others might not cooperate.

More details by people much smarter than I am:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/


Note: HLP is listed here (https://github.com/pirate/sites-using-cloudflare) as a site that uses CloudFlare. I don't know if that means that it's affected, but I think it's worth checking.
Potato!

  
Re: CloudBleed: Sensitive data leakage from CloudFlare
Quote: Note: HLP is listed here (https://github.com/pirate/sites-using-cloudflare) as a site that uses CloudFlare. I don't know if that means that it's affected, but I think it's worth checking.

There's a topic on that on the site support forum.