Skip to main content

CloudBleed: check if you visited sites affected by CloudFlare’s security issue

CloudBleed is the unofficial name for a security issue discovered on February 17th, 2017 that affected CloudFlare's reverse proxies.

CloudFlare is a large provider that is used by more than 5.5 million Internet properties according to the company's website. It offers CDN and DDOS protection, optimization technologies for websites, dedicated SSL and a lot more.

The basic service is offered for free, but webmasters and organizations may upgrade to a paid plan for additional features and better protection.

The security issue at hand caused the servers to "run past the end of a buffer" which returned memory that contained private information. Among other things, it might have included HTTP cookies, authentication tokens, HTTP Post bodies, and other sensitive data.

The issue was disclosed by Google's Project Zero, and has since been fixed by CloudFlare.

Cloudbleed

cloudflare security issue cloudbleed

The main issue for Internet users is that their authentication cookies or data may have leaked. Search engines may have cached the data, and attackers may have exploited the issue as well to gather the data.

Since there is no record whether individual user data was leaked or not, some experts suggests that users change passwords on all sites and services that use CloudFlare. This is a difficult thing for most users however, as it is quite time consuming to find out whether services and sites use CloudFlare.

The Firefox add-on and Chrome Extension CloudBleed changes that. Designed by the NoSquint Plus author, it is parsing the browsing history of the browser to reveal any site or service that uses CloudFlare.

This enables you to go quickly through the listing to identify sites that you have an account on.

The extensions work identical in both browsers. Simply install it in your browser of choice, and click on the icon that it adds to the main toolbar of the browser.

The page that loads includes a short explanation, and a search button that you need to click on. The extension goes through the browsing history then, and checks whether sites in the history were affected by the issue.

Some sites may appear multiple times in the listing. An option to filter sites by domain, or subdomain, would have been useful.

The author notes that all processing is done on the local system. All that is left afterwards is to go through the list to identify the sites with accounts.

Closing Words

CloudBleed is a handy browser extension for Google Chrome and Firefox. You may use it to reveal sites affected by CloudFlare's recent security issue quickly, provided that you did not delete the browsing history in the meantime.

Now You: Have you changed account passwords of affected sites?

 

This article was first seen on ComTek's "TekBits" Technology News

HOME