Menu
EN
Support
AdGuard Blog About recent CloudFlare vulnerability

About recent CloudFlare vulnerability

February 27, 2017 2 min read

Today we would like to tell you about a security breach that happened recently. Cloudflare revealed a serious bug in its software that caused sensitive data like passwords, cookies, authentication tokens to leak from its customers’ websites, TechCrunch reports.

For those of you who are not familiar with CloudFlare, it's a company that provides a content delivery network, Internet security services, and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

So what's the problem?
Basically, this security vulnerability allowed anyone to gain personal data that is usually encrypted and it impacted millions of websites (it's now fixed).

The bug occurred in an HTML parser that Cloudflare uses to increase website performance — it preps sites for distribution in Google’s publishing platform AMP and upgrades HTTP links to HTTPS. Three of Cloudflare’s features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) were not properly implemented with the parser, causing random chunks of data to become exposed.

-TechCrunch

Is Adguard affected?
CloudFlare told us that: "Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found".
So your emails and passwords you use for Adguard account shall be safe. But anyways we would highly recommend that you change account password as a precaution!

UPD:
CloufFlare shared the following:

The summary is that, while the bug was very bad and had the potential to be much worse, based on our analysis so far:

  • We have found no evidence based on our logs that the bug was maliciously exploited before it was patched;
  • The vast majority of Cloudflare customers had no data leaked;
  • After a review of tens of thousands of pages of leaked data from search engine caches, we have found a large number of instances of leaked internal Cloudflare headers and customer cookies, but we have not found any instances of passwords, credit card numbers, or health records; and
  • Our review is ongoing.
    • Liked this post?
    Upd: June 7, 2021 Originally posted on February 27, 2017 2 min read Industry news
    Daria Magdik Daria Magdik

    Recommended articles
    9,934 9934 user reviews
    Excellent!

    AdGuard for Windows

    AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard for Mac

    AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard for Android

    AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard for iOS

    The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard VPN

    74 locations worldwide

    Access to any content

    Strong encryption

    No-logging policy

    Fastest connection

    24/7 support

    Try for free
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Content Blocker

    AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Browser Extension

    AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Assistant

    A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard DNS

    AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Home

    AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Pro for iOS

    AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
    By downloading the program you accept the terms of the License agreement
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard for Safari

    Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard Temp Mail

    A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
    Read more
    9,934 9934 user reviews
    Excellent!

    AdGuard for Android TV

    AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
    Read more
    Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
    Install AdGuard on your mobile device