XF 1.5 possibly affected by the CloudBleed HTTPS traffic leak.

UMILE

Member
Between 2016-09-22 - 2017-02-18 session tokens, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.
"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k paged with private data leaked every day"

Theoretically sites not in this list can also be affected (because an affected site could have made an API request to a non-affected one), you should probably change all your important passwords.


refer :
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
 

Attachments

  • cloudflare.webp
    cloudflare.webp
    34.5 KB · Views: 3
Top Bottom