Cloudbleed -> Check Your Passwords

Discussion in 'General Discussion' started by Arcfire, Feb 25, 2017.

Cloudbleed -> Check Your Passwords

Discussion in 'General Discussion' started by Arcfire, Feb 25, 2017.

  1. Arcfire

    Arcfire Guild Admin Staff Member

    Between last September and now, there has been a small (apparently single character typo) bug hiding in cloudflare's server code which causes buffer overflows that can return sensitive information from cached server memory to client machines.

    Above is an available master list to check against (good luck if you don't have grep handy) and a smaller list of more popular sites using coudlflare's services.

    It is recommended you change your passwords for any of the listed sites to which you have submitted sensitive info, but take heart that the odds your info having been stolen through this exploit are quite low. Better safe than sorry though.

    I'm going to go change my Authy, Patreon, and Humblebundle passwords now.
  2. syberghost

    syberghost Guild Admin Staff Member

    The funniest bit, for me, was when Webkit tried to commit a test for this to ensure they don't break their builds, they broke Subversion. Since the entire purpose of Subversion is to keep everything ever, it's difficult to recover from this.
  3. HittingSmoke

    HittingSmoke AoA Emeritus

    More important than changing passwords is to manually log out of any web sites you have set to keep you logged in. Theoretically there should be no passwords leaked as there are absolutely zero scenarios where a password should be sent to you in an HTTP reponse.

    However, response headers were leaked which can contain session cookies. If someone gets a session cookie for an active session they don't need your password, email username, or anything else. If a site follows good security practices then logging out manually should invalidate active sessions making any leaked cookies unusable.

    More info here:

Share This Page