BNETDocs and Cloudflare's Memory Leak (#Cloudbleed)
BNETDocs
Between September 22, 2016 and February 21, 2017, Cloudflare leaked memory due to a parser bug in three of their features: Automatic HTTP Rewrites, Server-Side Excludes, and Email Obfuscation. A Google security researcher discovered the bug on February 17 and began cooperating with Cloudflare to mitigate and patch the bug.
As of February 21, a patch had been put in place, and on February 24, Cloudflare announced their postmortem on their blog.
BNETDocs uses Cloudflare for their CDN feature and a few other purposes, and due to this, we recommend anyone who has an account here change their password immediately. It's possible that random visitors to this site or others hosted on Cloudflare could have leaked BNETDocs session data and/or password between the time period listed earlier.
The good news is, due to how BNETDocs stores passwords, reusing your password may not be an issue; BNETDocs will reset your seed and hash even if the password is the same as before. Bad news is, most people reuse passwords on other sites, so you should probably use a different password anyway.
- BNETDocs Staff
Comments
no one has commented yet.