Cloudbleed

Cloudflare has had a bug in their parser software which allowed for leakage of information. We have expunged all long living keys and replaced any keys just in case. Even though we have received a security bulletin stating we weren't affected, we took the liberty to invalidate all our password caches, api keys and implement new seeds all across the board in any products used.

More information will follow

Take a random web crawler (like duckduck) and try and find:

{"scheme":"http"} CF-Host-Origin-IP

You can see how much info has been leaked into the body. It can contain messages, passwords, api-keys and much much more.

Author: Angelique Dawnbringer Published: 2017-02-23 09:06:26 Keywords:
  • Cloudbleed
Modified: 2017-09-10 17:50:56