Hard Light Productions Forums

Off-Topic Discussion => General Discussion => Topic started by: Kiloku on February 24, 2017, 08:38:34 am

Title: CloudBleed: Sensitive data leakage from CloudFlare
Post by: Kiloku on February 24, 2017, 08:38:34 am
Sites using CloudFlare might accidentally have had private content sent in pages meant for other users. This sensitive data would not be visible to the layperson, but hidden in the generated source for the page they're accessing. This data might include queries, passwords, auth tokens, and even page snapshots. Furthermore, any crawler that caches content (such as search engines and private malicious crawlers) has many snapshots of such data. The biggest search engine companies have worked together with CloudFlare to remove the sensitive data from their caches, but others might not cooperate.

More details by people much smarter than I am:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/


Note: HLP is listed here (https://github.com/pirate/sites-using-cloudflare) as a site that uses CloudFlare. I don't know if that means that it's affected, but I think it's worth checking.

Title: Re: CloudBleed: Sensitive data leakage from CloudFlare
Post by: X3N0-Life-Form on February 24, 2017, 11:22:04 am
Note: HLP is listed here (https://github.com/pirate/sites-using-cloudflare) as a site that uses CloudFlare. I don't know if that means that it's affected, but I think it's worth checking.

There's a topic on that (http://www.hard-light.net/forums/index.php?topic=93253.msg1843182#msg1843182) on the site support forum.