CloudFlare CloudBleed Exposes Private User Data

Recently, one of the most popular Google security researcher named Tavis Ormandy uncovered a CloudFlare bug named CloudBleed. It is reported at that time when it was leaking millions of people’s personal online data such as personal messages, password manager data, hotel booking details etc. In the Internet, CloudBleed really seems as a serious bug that affecting Cloudflare.

Information That You Must Know About CloudFlare

CloudFlare is one of the most popular Content Delivery Network (CDN) that cause a buffer overrun to leak user memory and exposes users personal data. This CDN is used by the millions of sites such as Yelp, Uber, FitBit, OKCupid and many more. According to the depth analysis by researchers, Cloudflare’s proxy servers used three minor features including email obfuscation, Automatic HTTPS Rewrites and Server-side Excludes and used as the flawed HTML parser that can cause an unknown amount of memory to be leak from the Cloudflare edger servers in response to the HTTP requests.

Know What CloudFlare Does

CloudFlare is responsible for routing web traffic via its global network thus brings web browser closer to System users and reduces latency. You can also say that it makes webpages load faster. This type of Content Delivery Network is used by about 5.5 million sites. First of all, this vulnerability was spotted by Tavis Ormandy on February 17 but the period of greatest impact was between the February 13 and February 18. CloudFlare is mainly known for keeping one person’s detail separate from another’s one.

Ways Through Which CloudFlare Affect Users

The services of CloudFlare’s usually relies on parsing the HTML webpages and altering them via company’s edge servers. For example, if you are using any services of CloudFlare in front of your site then it has potential to impact you as bug, steal your all personal data and after that throwed them between back-end servers and end-users through CloudFlare’s proxies. CloudFlare has identified about 770 unique URLs covering 161 unique site that includes leaked memory and were cached by the search providers including Google, yahoo and Bing.

Till now, CloudFlare has not released the list of sites that have impacted by CloudBleed but a user by name of “pirate” has assembled the list of four million domain specifically used by company’s services. Major sites and password manager may have send sensitive data if it was sent via HTTPS. According to the researchers, data is actually locked with three layers such as SSL/TLS and other two layer that remain secure even if SSL/TLS channel is compromised. The three layers are described as follow :

  • SSL/TLS – It means ‘S’ in HTTPS and this us data that have been exposed due to CloudFlare bug during vulnerable period.
  • Transport Layer – This layer authenticated the file encryption procedure using session key that is mainly generated using the SRP during sign in. This secret session keys never be transmitted.
  • Master Password and secret Account Code – It is one of the most important layer because it protect user if there servers were breached.


Leave a Comment

Your email address will not be published. Required fields are marked *