coderobe
commented
7 years ago Anything that routes through Cloudflare could have possibly leaked data via third partys that caused the leak to occur.
Closed turtledude01 closed 7 years ago
coderobe
commented
7 years ago Anything that routes through Cloudflare could have possibly leaked data via third partys that caused the leak to occur.
turtledude01
commented
7 years ago Id love to see proof of this because nothing I have found officially states this.
coderobe
commented
7 years ago Because Cloudflare operates a large, shared infrastructure an HTTP request to a Cloudflare web site that was vulnerable to this problem could reveal information about an unrelated other Cloudflare site.
Here's the official blog post, the quote can be found near the end of the post.
Search for External impact and cache clearing
turtledude01
commented
7 years ago Ive already read that one, doesn't prove anything
coderobe
commented
7 years ago The whole blog post goes into detail explaining why, and what exactly happened. It's been published by Cloudflare themselves. Personally i'd say this is proof enough, especially if potentially confidential data was leaked.
turtledude01
commented
7 years ago Now show me proof that every site listed in this repo was affected.
coderobe
commented
7 years ago The key words are could have and possibly.
Every website routed through Cloudflare's CDN solutions had a slim chance of leaking data via other, unrelated websites where the bug occured - as long as it happened on the same proxy node.
pirate
commented
7 years ago Even sites cloudflare has manually emailed saying they're not affected are not "proven" to be unaffected: https://github.com/pirate/sites-using-cloudflare/issues/87#issuecomment-282372235
If I use FULL ssl encryption from end to end is it possible that my websites 'were' affected? I have read in many places that it is only the Flexible SSL that was affected, is this true?