HomeList of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
4 posters
Page 1 of 1
List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by Jakovec12 February 24th 2017, 3:51 pm
Regarding a recent vulnerability exposed in Cloudflare's (a traffic proxying site) infrastructure. For months now, there has been a vulnerability that allowed data transmitted between Cloudflare's proxy servers and the target server to be exposed.
Affected sites can be found in this list (forumotion is on list as well):
https://github.com/pirate/sites-using-cloudflare
Sources:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
https://www.reddit.com/r/sysadmin/comments/5vu3yn/cloudbleed_seceurity_bug_cloudflare_reverse/
Should people change passwords from your site and ours that has been made by forumotion?
Affected sites can be found in this list (forumotion is on list as well):
https://github.com/pirate/sites-using-cloudflare
Sources:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
https://www.reddit.com/r/sysadmin/comments/5vu3yn/cloudbleed_seceurity_bug_cloudflare_reverse/
Should people change passwords from your site and ours that has been made by forumotion?
Last edited by Jakovec12 on February 24th 2017, 8:46 pm; edited 1 time in total
Jakovec12- New Member
- Posts : 13
Reputation : 1
Language : Croatia -
Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by Dr Jay February 24th 2017, 4:50 pm
Password change is not necessary due to the nature of this kind of problem. This is more of a communications vulnerability rather than a vulnerability of accounts being hacked.
The largest of problems, especially for Forumotion, might by automatic HTTPS rewrites; however, the table at the bottom of the Cloudflare blog you linked to shows that this entire vulnerability has been solved:
The largest of problems, especially for Forumotion, might by automatic HTTPS rewrites; however, the table at the bottom of the Cloudflare blog you linked to shows that this entire vulnerability has been solved:
Cloudflare wrote:2017-02-18 0011 Tweet from Tavis Ormandy asking for Cloudflare contact information
2017-02-18 0032 Cloudflare receives details of bug from Google
2017-02-18 0040 Cross functional team assembles in San Francisco
2017-02-18 0119 Email Obfuscation disabled worldwide
2017-02-18 0122 London team joins
2017-02-18 0424 Automatic HTTPS Rewrites disabled worldwide
2017-02-18 0722 Patch implementing kill switch for cf-html parser deployed worldwide
2017-02-20 2159 SAFE_CHAR fix deployed globally
2017-02-21 1803 Automatic HTTPS Rewrites, Server-Side Excludes and Email Obfuscation re-enabled worldwide
Dr Jay- Forumember
-
Posts : 92
Reputation : 7
Language : English
Location : USA(UTC-5) -
Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by Chapo February 24th 2017, 5:34 pm
Hello,
don't worry about this Cloudflare vulnerability: we use Cloudflare as a NS on some creation site (and only that) and the vulnerability affects Cloudflare proxy service (therefore not used by us).
don't worry about this Cloudflare vulnerability: we use Cloudflare as a NS on some creation site (and only that) and the vulnerability affects Cloudflare proxy service (therefore not used by us).
Chapo- Technician
- Posts : 37
Reputation : 14
Language : PHP ;) -
Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by Dr Jay February 24th 2017, 5:36 pm
Thanks for letting us know @Chapo and for verifying nothing to worry about. 
Dr Jay- Forumember
- Posts : 92
Reputation : 7
Language : English
Location : USA(UTC-5) -
Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by Jakovec12 February 24th 2017, 8:46 pm
Thanks for the info.
Jakovec12- New Member
- Posts : 13
Reputation : 1
Language : Croatia -
Re: List of domains using Cloudflare DNS (potentially affected by the CloudBleed HTTPS traffic leak)
by SLGray February 24th 2017, 9:49 pm
Problem solved & topic archived.
|
Lost Founder's Password |Forum's Utilities |Report a Forum |General Rules |FAQ |Tricks & Tips
You need one post to send a PM.
You need one post to send a PM.
When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.
SLGray- Administrator
- Posts : 51555
Reputation : 3524
Language : English
Location : United States -
Similar topics» Cloudflare and custom domain
» Forum Going to be Potentially hacked
» Tried to redirect to potentially insecure url.
» Foes list/ignore list name change
» Traffic Help
» Forum Going to be Potentially hacked
» Tried to redirect to potentially insecure url.
» Foes list/ignore list name change
» Traffic Help
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
Facebook
Twitter
Pinterest
Youtube
