
Cloudflare Bleeding


winthan


There is an incident report on a memory leak caused by Cloudflare.

Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

In order to prevent the leak of your information from any sites, please reset your passwords on sites which use Cloudflare. For XRP wallet users on GateHub, please reset your GateHub password as well.

Actually, all sites which use Cloudflare should ask all of their clients to purge all session tokens and revoke authentication tokens (i.e. forcibly log everyone out). Those sites should also ask their clients to reset all passwords of users active during the above period where two-factor authentication is not enabled and a secure password reset mechanism (e.g. not sending the password through email via MTAs which don't support TLS) is available.



Edited by winthan
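The remediation the post above recommends to site operators (revoke every session token, force a password reset for users who were active in the exposure window without 2FA, and rotate API keys that existed during the window), worked through as an added example that is not part of the original thread; the session and account records are constructed sample data, not anything from a real site:

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Exposure window quoted in the post, treated here as UTC dates (an assumption);
# WINDOW_END is an exclusive upper bound so the whole of 2017-02-18 is included.
WINDOW_START = datetime(2016, 9, 22, tzinfo=timezone.utc)
WINDOW_END = datetime(2017, 2, 19, tzinfo=timezone.utc)


def ts(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


def in_window(when: datetime) -> bool:
    return WINDOW_START <= when < WINDOW_END


@dataclass(frozen=True)
class Session:
    token: str
    user: str
    issued_at: datetime


@dataclass(frozen=True)
class Account:
    user: str
    has_2fa: bool
    last_active: datetime
    api_keys: tuple  # (key_id, created_at) pairs


def tokens_to_revoke(sessions):
    # Every session token goes, regardless of issue date: a token captured
    # during the window stays usable until the server stops honouring it.
    return sorted(s.token for s in sessions)


def password_resets(accounts):
    # Force a reset where the account was active in the window and had no second
    # factor; with 2FA enabled a leaked password alone is not enough to log in.
    return sorted(a.user for a in accounts if in_window(a.last_active) and not a.has_2fa)


def api_keys_to_rotate(accounts):
    # API keys travel in plaintext request headers behind the proxy, so any key
    # that existed before the fix may have been cached; keys created afterwards cannot have leaked.
    return sorted(k for a in accounts for k, created in a.api_keys if created < WINDOW_END)


# Constructed sample data for the three checks above.
SESSIONS = [Session("s1", "alice", ts(2016, 8, 1)), Session("s2", "bob", ts(2017, 1, 5))]
ACCOUNTS = [
    Account("alice", False, ts(2017, 1, 10), (("ak1", ts(2015, 3, 3)),)),
    Account("bob", True, ts(2017, 2, 1), (("ak2", ts(2017, 2, 20)),)),
    Account("carol", False, ts(2016, 6, 1), ()),
]
```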

From Kraken:


A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:

Change your password

Change your two-factor authentication (remove and re-enable it)

Clients who use API keys should generate a new set of keys

You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.

The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.

Here are some links for further reading on the Cloudflare bug:

TechCrunch article: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

List of sites possibly affected by the bug: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

If you have any questions or concerns in response to this email, please contact Kraken support at: https://support.kraken.com/hc/requests/new

Thank you for choosing Kraken, the trusted and secure digital assets exchange.

The Kraken Team


Also, a list of some [iOS apps](https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps) that *may* have been affected.

## Notable Sites

- authy.com
- coinbase.com
- betterment.com
- transferwise.com
- prosper.com
- digitalocean.com
- patreon.com
- bitpay.com
- news.ycombinator.com
- producthunt.com
- medium.com
- 4chan.org
- yelp.com
- okcupid.com
- zendesk.com
- uber.com
- namecheap.com ([not affected](https://status.namecheap.com/archives/30660))
- poloniex.com
- localbitcoins.com
- kraken.com
- 23andme.com
- curse.com (and some other Curse sites like minecraftforum.net)
- counsyl.com
- tfl.gov.uk

11 minutes ago, kanaas said:

list of affected sites

This list contains all domains that use CloudFlare DNS, not just the cloudflare proxy (the affected service that leaked data). It's a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.


GateHub NOT affected.

Email we received from Cloudflare:

"Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found. "


6 minutes ago, enej said:

GateHub NOT affected.


Great :P
