Menu
EN

About recent CloudFlare vulnerability

Today we would like to tell you about a security breach that happened recently. Cloudflare revealed a serious bug in its software that caused sensitive data like passwords, cookies, authentication tokens to leak from its customers’ websites, TechCrunch reports.

For those of you who are not familiar with CloudFlare, it's a company that provides a content delivery network, Internet security services, and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

So what's the problem?
Basically, this security vulnerability allowed anyone to gain personal data that is usually encrypted and it impacted millions of websites (it's now fixed).

The bug occurred in an HTML parser that Cloudflare uses to increase website performance — it preps sites for distribution in Google’s publishing platform AMP and upgrades HTTP links to HTTPS. Three of Cloudflare’s features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) were not properly implemented with the parser, causing random chunks of data to become exposed.

-TechCrunch

Is Adguard affected?
CloudFlare told us that: "Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found".
So your emails and passwords you use for Adguard account shall be safe. But anyways we would highly recommend that you change account password as a precaution!

UPD:
CloufFlare shared the following:

The summary is that, while the bug was very bad and had the potential to be much worse, based on our analysis so far:

  • We have found no evidence based on our logs that the bug was maliciously exploited before it was patched;
  • The vast majority of Cloudflare customers had no data leaked;
  • After a review of tens of thousands of pages of leaked data from search engine caches, we have found a large number of instances of leaked internal Cloudflare headers and customer cookies, but we have not found any instances of passwords, credit card numbers, or health records; and
  • Our review is ongoing.
  • Liked this post?
    By downloading the comments you agree the terms and policies

    AdGuard
    for Windows

    AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
    User Reviews: 18562
    4.7 out of 5
    By downloading the program you accept the terms of the License agreement
    Read more

    AdGuard
    for Mac

    AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
    User Reviews: 18562
    4.7 out of 5
    By downloading the program you accept the terms of the License agreement
    Read more

    AdGuard
    for Android

    AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
    User Reviews: 18562
    4.7 out of 5
    By downloading the program you accept the terms of the License agreement

    AdGuard
    for iOS

    The most advanced ad blocker for Safari: it makes you forget about pop-up ads, speeds up page loading, and protects your personal data. A manual element-blocking tool and highly customizable settings help you tailor the filtering to your exact needs.
    User Reviews: 18562
    4.7 out of 5
    By downloading the program you accept the terms of the License agreement

    AdGuard Browser extension

    AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
    User Reviews: 18562
    4.7 out of 5

    AdGuard for Safari

    Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
    User Reviews: 18562
    4.7 out of 5
    Available on the
    App Store
    Download
    By downloading the program you accept the terms of the License agreement

    AdGuard Home

    AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
    User Reviews: 18562
    4.7 out of 5

    AdGuard Content Blocker

    AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
    User Reviews: 18562
    4.7 out of 5
    By downloading the program you accept the terms of the License agreement
    Read more

    AdGuard Assistant

    A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
    User Reviews: 18562
    4.7 out of 5
    Assistant for Chrome Is it your current browser?
    Install
    By downloading the program you accept the terms of the License agreement
    Assistant for Firefox Is it your current browser?
    Install
    By downloading the program you accept the terms of the License agreement
    Assistant for Edge Is it your current browser?
    Install
    By downloading the program you accept the terms of the License agreement
    Assistant for Opera Is it your current browser?
    Install
    By downloading the program you accept the terms of the License agreement
    Assistant for Yandex Is it your current browser?
    Install
    By downloading the program you accept the terms of the License agreement
    Assistant for Safari Is it your current browser?
    If you can't find your browser, try the old legacy Assistant version, which you can find in AdGuard extension settings.
    Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
    Install AdGuard on your mobile device