The "Cloudbleed" issue: keeping you safe
-
Due to the Cloudbleed issue, Vivaldi have reset the password for some Vivaldi Community users to be on the safe side.
Click here to see the full blog post
-
Showed a few minutes ago! I already changed my password! Thanks for informing!
I was automatically logged off, I thought something had happened! -
Hmm, I haven't been logged out, though a "session mismatch" error showed up about an hour ago and I was logged out of the forums, but once I clicked on the "Login" button, I was logged back in without entering my credentials.
-
:knight:
Changed mine, I was reading about Cloudbleed a few days ago. -
@pafflick: That seems to be the "session are regenerated" part of the scenario above. Everything was good, except the session on the server. Clicking on "login" made you download and match to the new one generated by the server
-
Had to change password, no big deal. The only users who will encounter troubles are those that have no access to their backup email account.
-
Thanks!
-
Could not log-in today so password is reset.
Though when I go from one page to another within Vivaldi it does not seem to recognize me (?!). -
@luetage: That's the issue I'm having. I signed up (a different account from this ugly account) using my old myopera account. I forgot to change it after the service shut down. Now I'm locked out of my personal email account.
-
@ugly: Maybe someone from the team will be able to modify it. Wait tomorrow, to see if they can (don't hesitate to file a bug, with a mail address you can access, so we can contact you)
-
@Cqoicebordel this is a real issue, it seems there is no way to change the back-up email, if - for whatever reason - you lose access to that, you lose access to your Vivaldi account too.
It is necessary to allow users to change their back-up e-mail. -
For those who are concerned about the issue, note that is was only exploitable on websites where the Cloudflare configuration had the following three options enabled (all three of them had to be turned on for the vulnerability to work):
- Email Obfuscation.
- Automatic HTTPS Rewrites.
- Server-side Excludes
More information is available at the following links:
https://www.bleepingcomputer.com/news/security/typo-in-cloudflare-server-source-code-leaks-customer-info-cookies-passwords/
https://threatpost.com/cloudflare-bug-leaks-sensitive-data/123891/Note that many websites using Cloudflare did not have all of these options enabled, and thus the scope of the vulnerability is considered to be rather small even though Cloudflare has a large number of customers.
-
I thought "Nah, I won't be affected." But I was. That's not something that happens to me everyday. Thanks for catching the issue.
-
As of now, https://cloudbleedcheck.com/?domain=vivaldi.net reports that the cloudbleed problem IS present in vivaldi.net.
-
Thanks Yngve!
-
Can any one recommend a good CDN ?
http://www.isitdownrightnow.com/cloudbleedcheck.com.html -
@Guardrail68 we're looking into it and will get back to you asap. Thanks for being patient with us.
-
@greybeard: sorry for the trouble. We're looking into it and will get back to you asap. Thanks for being patient with us.
-
@ugly: sorry for the trouble, we're looking into it and will get back to you asap. Thanks for being patient with us.
-
After reseting password via https://login.vivaldi.net/profile/id/userInfoView everything works fine, also email