Security News Cloudbleed : Cloudflare's buffer overflow leak.

generalwu

generalwu

Level 5
Thread author
Verified
Well-known
Jan 25, 2016
219
Based on the article, it seems that their services are confused and leaks personal secrets in cleartext.

Sounds dangerous, the general advice given is to change your passwords or API keys from the affected sites.

The full lists is as shown: here

P.S. Authy is also stated in the list.

Hope this helps.
 
  • Like
Reactions: Myriad, LASER_oneXM, Der.Reisende and 21 others
generalwu

generalwu

Level 5
Thread author
Verified
Well-known
Jan 25, 2016
219
This site can help you determine if your favourite website is using Cloudflare or not.
(Link: here)

According to them, Lastpass is not.
upload_2017-2-24_19-0-33.png
 
  • Like
Reactions: LASER_oneXM, Der.Reisende, centreofgravity and 8 others
D

Dirk41

Level 17
Verified
Top Poster
Well-known
Mar 17, 2016
797
Thank you for sharing :)

Does someone know if there is a way ( in lastpass app ) to quickly change all passwords with just one click?

But I wonder : attacker don't have masterpass anyway , so even if they get the password of one website , we should be safe
 
  • Like
Reactions: LASER_oneXM, Der.Reisende, vemn and 3 others
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hey guys,
I've been reading about this for the last hour, and yes, it's serious bug. We're still investigating this, however I've just received this email from Matthew Prince, Cloudflare CEO. I've highlighted some of the most important parts:

Matthew Prince - Cloudflare CEO said:
[...]
In our review of these third party caches, we discovered exposed data on approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.

Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found.

To date, we have yet to find any instance of the bug being exploited [...]
Matthew Prince
Cloudflare, Inc.
Co-founder and CEO
Click to expand...

I'm talking with Cloudflare support about this, and I'm sure more details about this bug will appear in the next hours and days. I'll keep you informed with any news/update that I know.
 
Last edited:
  • Like
Reactions: LASER_oneXM, Der.Reisende, WinXPert and 18 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Jack said:
Hey guys,
I've been reading about this for the last hour, and yes, it's serious bug. We're still investigating this, however I've just received this email from Matthew Prince, Cloudflare CEO. I've highlighted some of the most important parts:



I'm talking with Cloudflare support about this, and I'm sure more details about this bug will appear in the next hours and days. I'll keep you informed with any news/update that I know.
Click to expand...
So we too should take that initial list with a grain of salt, till further advised.
Thanks Jack ;)
 
  • Like
Reactions: LASER_oneXM, Der.Reisende, BugCode and 6 others
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
_CyberGhosT_ said:
So we too should take that initial list with a grain of salt, till further advised.
Click to expand...
That Github list is just a simple query of sites that are using Cloudflare, nothing more. The thing about this leak is that in needed the following:

The final buffer containing data had to finish with a malformed script or img tag (broken HTML)
The buffer had to be less than 4k in length (otherwise NGINX would crash)
The customer had to either have Email Obfuscation enabled (because it uses both the old and new parsers as we transition),
… or Automatic HTTPS Rewrites/Server Side Excludes (which use the new parser) in combination with another Cloudflare feature that uses the old parser.​


Here is the list with the confirmed domains to have leaked data: List of affected Cloudbleed domains.

Also:
John Graham-Cumming on Cloudflare Blog said:
With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory. Those 770 unique URIs covered 161 unique domains."
Incident report on memory leak caused by Cloudflare parser bug
Click to expand...

I do believe that the initial list/reports with 4,287,625 possibly affected domains is not close to the reality, and most likely in will be somewhere in the Cloudflare reported number (150 - 200). Still there is a lot of debate about this, so I would advise everyone to be cautious.

This is a good opportunity to remind you all to enable the Two-Step Verification for your MalwareTips account. More details here: How-to Guide - Secure your MalwareTips Account! Enable Two-Step Verification
 
  • Like
Reactions: soccer97, Myriad, LASER_oneXM and 15 others
generalwu

generalwu

Level 5
Thread author
Verified
Well-known
Jan 25, 2016
219
Dirk41 said:
Thank you for sharing :)

Does someone know if there is a way ( in lastpass app ) to quickly change all passwords with just one click?

But I wonder : attacker don't have masterpass anyway , so even if they get the password of one website , we should be safe
Click to expand...

@Dirk41 Activate Security Challenge and you'll see the following line at the end of the site, "Change selected passwords with one click:"

@Jack Thanks for the heads up, I'm using Authy which is also using Cloudflare's services. Talking about irony, hope they're not affected though. :confused:

Do anyone know how do I change the main password for Authy, so far I can locate the option to change the backup password but not the main password.

Thanks. :D
 
  • Like
Reactions: LASER_oneXM, Dirk41, Der.Reisende and 3 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
@Paul123 Good link for the non-technical minded.

"In plain English, Cloudflare’s software tried to save user data in the right place. That place got full. So Cloudflare’s software ended up storing that data elsewhere, like on a completely different website. Again, the data included everything from API keys to private messages. The data was also cached by Google and other sites, which means that Cloudflare now has to hunt it all down before hackers find it."​

Also from Cloudbleed: How to deal with it recommends to change ALL passwords, to improve general security.

LastPass allows users to Auto-Change passwords on supported sites, which makes things easier.
 
  • Like
Reactions: Myriad, Parsh, LASER_oneXM and 9 others
centreofgravity

centreofgravity

Level 1
Verified
Dec 14, 2015
45
Hi Everyone Very important update.
Authy the most commonly used Google Authenticator alternative was also affected by the issue.
Their response - SECURITY NOTICE: AUTHY RESPONSE TO CLOUDFLARE CLOUDBLEED INCIDENT • Authy

Long story short you need to add all your accounts stored in Authy once again.
Why because its based on Time-based One Time Password(TOTP) type 2FA.
The tokens may have been compromised. I got the response re-confirmed from Authy Support.
  1. Google Authenticator tokens that users have scanned and backed up to the Authy cloud service. Tokens are encrypted in the app using a key derived from the user-typed password, and the tokens are sent to us and securely stored. The password is never stored in Authy and therefore was never at risk from being exposed. Our general guidance, however, would be for users to re-enroll their Google Authenticator tokens at each site they use.
Click to expand...

For more details on how TOTP works read these blogs
Why You Should Never Use Google Authenticator Again
Cloudbleed Security Measures on TREZOR

0*nWGWoyFQ_SVN_KnZ.
 
Last edited:
  • Like
Reactions: Myriad, Parsh, LASER_oneXM and 6 others
centreofgravity

centreofgravity

Level 1
Verified
Dec 14, 2015
45
generalwu said:
@Dirk41 Activate Security Challenge and you'll see the following line at the end of the site, "Change selected passwords with one click:"

@Jack Thanks for the heads up, I'm using Authy which is also using Cloudflare's services. Talking about irony, hope they're not affected though. :confused:

Do anyone know how do I change the main password for Authy, so far I can locate the option to change the backup password but not the main password.

Thanks. :D
Click to expand...
@generalwu - You can change the Authy Main Password on the Authy Chrome App. The backup password also can be changed there.
On Android and iOS(not sure completely) the Authy app is PIN protected.
 
  • Like
Reactions: LASER_oneXM, Der.Reisende, aragornnnn and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Canadian telecom company Telus investigating potential data breach
Replies
0
Views
552
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
oldschool
    • Like
    • +Reputation
    • Applause
Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Replies
3
Views
910
News Archive
Bumblebee Uncle
Bumblebee Uncle
oldschool
    • Like
    • Applause
    • +Reputation
The case for slowing down AI
Replies
5
Views
889
News Archive
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top