Comment by sparkling

8 years ago

I know what Cloudflare is, but I don't quite understand the underlying issue.

Can someone explain in simpler terms what happened here and how it a) affects sites using Cloudflare and b) affects users accessing sites with Cloudflare?

Some features had a bug which led to uninitialized memory (AKA previous memory contents) in the output when a malformed HTML page was requested.

As one such server handles many sites, everything that the server handled before that request may be compromised. This includes all HTTP-GET/POST data (credentials, direct messages to other users, ...), Headers (API tokens, Login-Cookies) and contents.

So, you have to assume that everything you did on a CF "protected" website in the last months (especially between 2017-02-13 and 2017-02-17) is potentially compromised.
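A simplified model of the failure described in the reply above, added here as an illustration; it is not Cloudflare's code and not part of the thread. The shared `scratch` buffer, the toy tag scanner and the constructed token are all assumptions: the buggy scanner skips its end-of-input check while inside an unclosed tag, so bytes left over from an earlier request end up in the next site's response.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128

/* One scratch buffer reused for every request and never cleared (assumed model). */
static char scratch[BUF_SIZE];

/* Copy a body into the shared buffer, leaving older bytes behind it untouched. */
static size_t load(const char *data) {
    size_t n = strlen(data);
    if (n > BUF_SIZE) n = BUF_SIZE;
    memcpy(scratch, data, n);
    return n;
}

/* Returns how many bytes the scanner decides to emit.
 * check_in_tag == 0: buggy, end of input is only checked outside a tag.
 * check_in_tag == 1: hardened, end of input is checked in every state. */
static size_t scan(size_t n, int check_in_tag) {
    size_t i = 0;
    int in_tag = 0;
    while (i < BUF_SIZE) {
        if (i >= n && (!in_tag || check_in_tag)) break;
        if (scratch[i] == '<') in_tag = 1;
        else if (scratch[i] == '>') in_tag = 0;
        i++;
    }
    return i;
}

/* Handle one request: out must hold BUF_SIZE + 1 bytes. */
size_t serve(const char *body, char *out, int hardened) {
    size_t n = load(body);
    size_t len = scan(n, hardened);
    memcpy(out, scratch, len);
    out[len] = '\0';
    return len;
}

int main(void) {
    char out[BUF_SIZE + 1];
    /* Constructed sample traffic: site A's request, then site B's malformed page. */
    serve("POST /login HTTP/1.1 Cookie: session=CONSTRUCTED-TOKEN-1234", out, 0);
    size_t len = serve("<p>hi</p><img src=", out, 0);
    printf("buggy    (%zu bytes): %s\n", len, out);
    len = serve("<p>hi</p><img src=", out, 1);
    printf("hardened (%zu bytes): %s\n", len, out);
    return 0;
}
```

The hardened variant only fixes the length check; clearing or isolating buffers between sites would additionally limit what a similar bug could expose.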