FYI y'all might wanna change your passwords

Status
Not open for further replies.

fickleheart

ms reflec beat stan
(TL;DR is on the last paragraph)

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Cloudflare put out an incident report today regarding an issue with their parsers that would output unintended data on certain pages with script issues. Notably, HTTP POST bodies (which contain things like the password you send to a login page) and other such information was getting sent out where it shouldn't:

It turned out that in some unusual circumstances[...] our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

Anything that uses Cloudflare (the MB does, for instance) or communicates with a site that does was potentially affected. The safest course of action is to change all your passwords, deauthorize and reauthorize any apps hooking into your social networking accounts (which creates new authentication tokens, since those are also vulnerable), and take other similar precautions with any other data you've sent over the web.

This has been a friendly PSA.
 
I'm going to assume that this probably doesn't affect anyone who's been logged in automatically for at least a year?
 
Wow this is bad news, how can things get worse!
Well im going to change my password!
 
Status
Not open for further replies.

Who is viewing this thread (Total: 1, Members: 0, Guests: 1)

Back
Top