Cloudflare HTTPS Traffic Leak

k_m_Arya · Feb 24, 2017

It seems that Cloudflare has been leaking data due to a bug. A huge amount of personal data was being leaked and cached by search engines. Some websites have asked their users to change their passwords but CloudFlare chief operating officer says that he is not going change his passwords as the probability of the data being used maliciously is low. Even 2fa authy is affected by this.

Links:https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://github.com/pirate/sites-using-cloudflare
http://gizmodo.com/cloudbleed-password-memory-leak-cloudflare-1792709635
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

6pack · Feb 25, 2017

Even if we were to change the passwords, it won't help until cloudflare stops leaking the info. Once its known that cloudflare have patched things up only then a password change will help.

k_m_Arya · Feb 25, 2017

6pack said:
Even if we were to change the passwords, it won't help until cloudflare stops leaking the info. Once its known that cloudflare have patched things up only then a password change will help.

It seems that cloudflare has patched it up and all random cookies and data have been deleted from most search engines such as google and bing.

Cloudflare HTTPS Traffic Leak

k_m_Arya

6pack

k_m_Arya