top | item 13719437

(no title)

arestor | 9 years ago

Some features had a bug which lead to uninitialized memory (AKA previous memory contents) in the output of a malformed HTML page was requested.

As one such server handles many sites, everything that the server handled before that request may be compromised. This includes all HTTP-GET/POST data (credentials, direct messages to other users, ...), Headers (API tokens, Login-Cookies) and contents.

So, you have to assume that everything you did on a CF "protected" website in the last months (especially between 2017-02-13 and 2017-02-17) is potentially compromised.

discuss

zaatar|9 years ago

Where is a reliable list of CF-protected websites so I may identify which ones I have interacted with?

tony101|9 years ago

An unofficial list is being compiled here: https://github.com/pirate/sites-using-cloudflare

unknown|9 years ago

[deleted]