Cloudflare parser bug exposes sensitive data


Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers.

It turned out that in some unusual circumstances […] our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

Not good. “Cloudbleed”, as it’s been dubbed, potentially affects an extremely large number of online services, as well as many smaller ones such as your own website or blog.

While Cloudflare has been working around the clock with Google engineers and other experts to purge the cached data, there is a chance your password or other sensitive information was put out there for everyone to see.

As with anything of this type, the “better safe than sorry” approach is always the best one to take, so take the time to check the available lists and change your passwords.

Some of the major affected domains are:

A more extensive list is available here.

Also available is a quickly built online tool to check your domain here.

Source: Incident report on memory leak caused by Cloudflare parser bug
