The forum of the forums
Would you like to react to this message? Create an account in a few clicks or log in to continue.

List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

4 posters

Go down

Solved List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by Jakovec12 February 24th 2017, 3:51 pm

Regarding a recent vulnerability exposed in Cloudflare's (a traffic proxying site) infrastructure. For months now, there has been a vulnerability that allowed data transmitted between Cloudflare's proxy servers and the target server to be exposed.

Affected sites can be found in this list (forumotion is on list as well):
https://github.com/pirate/sites-using-cloudflare

Sources:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
https://www.reddit.com/r/sysadmin/comments/5vu3yn/cloudbleed_seceurity_bug_cloudflare_reverse/


Should people change passwords from your site and ours that has been made by forumotion?


Last edited by Jakovec12 on February 24th 2017, 8:46 pm; edited 1 time in total
Jakovec12
Jakovec12
New Member

Posts : 13
Reputation : 1
Language : Croatia

http://gamemunity.team-talk.net/

Back to top Go down

Solved Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by Dr Jay February 24th 2017, 4:50 pm

Password change is not necessary due to the nature of this kind of problem. This is more of a communications vulnerability rather than a vulnerability of accounts being hacked.

The largest of problems, especially for Forumotion, might by automatic HTTPS rewrites; however, the table at the bottom of the Cloudflare blog you linked to shows that this entire vulnerability has been solved:

Cloudflare wrote:2017-02-18 0011 Tweet from Tavis Ormandy asking for Cloudflare contact information
2017-02-18 0032 Cloudflare receives details of bug from Google
2017-02-18 0040 Cross functional team assembles in San Francisco
2017-02-18 0119 Email Obfuscation disabled worldwide
2017-02-18 0122 London team joins
2017-02-18 0424 Automatic HTTPS Rewrites disabled worldwide
2017-02-18 0722 Patch implementing kill switch for cf-html parser deployed worldwide

2017-02-20 2159 SAFE_CHAR fix deployed globally

2017-02-21 1803 Automatic HTTPS Rewrites, Server-Side Excludes and Email Obfuscation re-enabled worldwide
Dr Jay
Dr Jay
Forumember

Male Posts : 92
Reputation : 7
Language : English
Location : USA(UTC-5)

https://geekpolice.forumotion.com

Back to top Go down

Solved Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by Chapo February 24th 2017, 5:34 pm

Hello,

don't worry about this Cloudflare vulnerability: we use Cloudflare as a NS on some creation site (and only that) and the vulnerability affects Cloudflare proxy service (therefore not used by us).
Chapo
Chapo
Technician
Technician

Posts : 37
Reputation : 14
Language : PHP ;)

https://www.forumactif.com

Back to top Go down

Solved Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by Dr Jay February 24th 2017, 5:36 pm

Thanks for letting us know @Chapo and for verifying nothing to worry about. Smile
Dr Jay
Dr Jay
Forumember

Male Posts : 92
Reputation : 7
Language : English
Location : USA(UTC-5)

https://geekpolice.forumotion.com

Back to top Go down

Solved Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by Jakovec12 February 24th 2017, 8:46 pm

Thanks for the info. Smile
Jakovec12
Jakovec12
New Member

Posts : 13
Reputation : 1
Language : Croatia

http://gamemunity.team-talk.net/

Back to top Go down

Solved Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)

Post by SLGray February 24th 2017, 9:49 pm

Problem solved & topic archived.
Please read our forum rules:  ESF General Rules


List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak) Slgray10

When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray
SLGray
Administrator
Administrator

Male Posts : 51453
Reputation : 3519
Language : English
Location : United States

https://forumsclub.com/gc/128-link-directory/

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum