What is CloudbleedPosted by seerer on August 20th, 2021 Tavis Ormandy working for Google project zero team noticed corrupted web pages returned by HTTP request through Cloudflare servers. Websites were returning HTTP session and other information that was confidential including text messages from social dating sites among other sensitive information. He then contacted Cloudflare and informed them of his observation, the bug was coming from cloudflare edge servers and on a careful investigation by Cloudflare team turned out to be a serious bug. Fig 1.1: Ormandy contacting the cloudflare security team after discovering the breach Some of the services offered by Cloudflare were turned off as they were found to be susceptible to the Cloudbleed bug, the services were :
Like it? Share it!More by this author |