What is CloudBleed Vulnerability?
The Cloudbleed vulnerability originates in Cloudflare, so it is first important to understand what Cloudflare is.
Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Cloudflare improves website performance through its CDN, and its security features, such as Cloudflare's WAF, DDoS protection, and SSL, defend website owners and their visitors from all types of online threats. There are 5 million websites hosted on Cloudflare.
Cloudbleed is named after Heartbleed, which was discovered in 2014.
What is CloudBleed?
Cloudbleed (also known as CloudLeak and CloudFlare Bug) is a security bug discovered on February 17, 2017 affecting Cloudflare's reverse proxies. It caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. Some of this data was cached by search engines.
How was the CloudBleed Vulnerability found?
The vulnerability was found by Tavis Ormandy, who works on Google's Project Zero team. He reported a security problem with Cloudflare edge servers: he was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. The bug was serious because the leaked memory could contain private information and because it had been cached by search engines.
What is the issue?
Tavis informed Cloudflare of the problem on February 17. In his own proof-of-concept attack he got a Cloudflare server to return "private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."
Cloudflare has also confirmed that the period of greatest impact was between February 13 and February 18, when almost one in every 3,300,000 HTTP requests via Cloudflare potentially resulted in memory leakage, which is about 0.00003% of requests.
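The buffer over-read described above, as an added illustration in C that is not Cloudflare's code: one arena holds two requests' data side by side, a tag scanner bounded only by the string terminator copies the neighbouring request's cookie into the output, and the bounded version stops at the response's own length. The arena contents and the B_SECRET_TOKEN value are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed arena: the response being rewritten for request A sits
 * directly before data belonging to an unrelated request B (the token
 * value is made up for this illustration). */
#define REQ_A "<html>hello <b"                  /* ends in an unclosed tag */
#define REQ_B "Cookie: session=B_SECRET_TOKEN"  /* neighbouring request's memory */
static const char ARENA[] = REQ_A REQ_B;
#define A_LEN     (sizeof(REQ_A) - 1)   /* bytes that belong to request A */
#define TAG_START (A_LEN - 2)           /* index of the unclosed '<' in A */

/* Vulnerable scanner: looks for the tag terminator but is bounded only
 * by a NUL byte, not by the length of the response it is processing,
 * so on an unclosed tag it walks straight into request B's bytes. */
size_t tag_end_unchecked(const char *buf, size_t start) {
    size_t i = start;
    while (buf[i] != '\0' && buf[i] != '>') i++;
    return i;
}

/* Fixed scanner: the loop is bounded by the response's own length, so
 * an unclosed tag ends at the end of request A, never beyond it. */
size_t tag_end_checked(const char *buf, size_t len, size_t start) {
    size_t i = start;
    while (i < len && buf[i] != '>') i++;
    return i;
}

/* Simulated proxy output for request A from TAG_START onward; use_fix
 * selects the scanner. With the unchecked scanner the output carries
 * request B's cookie, which is the Cloudbleed failure mode in miniature. */
const char *render_response(int use_fix) {
    static char out[128];
    size_t end = use_fix ? tag_end_checked(ARENA, A_LEN, TAG_START)
                         : tag_end_unchecked(ARENA, TAG_START);
    size_t n = end - TAG_START;
    if (n >= sizeof out) n = sizeof out - 1;   /* keep output in bounds */
    memcpy(out, ARENA + TAG_START, n);
    out[n] = '\0';
    return out;
}

int main(void) {
    printf("unchecked: %s\n", render_response(0));  /* leaks B's token */
    printf("checked:   %s\n", render_response(1));  /* prints "<b" */
    return 0;
}
```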
Cloudbleed Affects Mobile Apps too
Mobile apps are also affected by the Cloudbleed bug. They are designed to use the same backends as web browsers for content delivery and HTTPS (SSL/TLS) termination.
NowSecure researchers have identified leaked data associated with the FitBit Android, Uber, and Discord apps. Below is a screenshot with detailed information from NowSecure's engine. More than 200 iOS apps were affected by the CloudBleed vulnerability.
Image by NowSecure
A GitHub list of top websites potentially affected by the Cloudbleed bug includes Uber, FitBit, Feedly, CoinBase, 4Chan, BitPay, DigitalOcean, Medium, ProductHunt, Transferwise, The Pirate Bay, Extra Torrent, BitDefender, Pastebin, Zoho, Bleeping Computer, The Register, and many more.
How to Protect?
Urgently check your password managers and change all your passwords, especially those on the affected sites. Rotate API keys and secrets, and confirm that two-factor authentication is turned on.