The "Cloudbleed" issue: keeping you safe
Due to the Cloudbleed issue, Vivaldi have reset the password for some Vivaldi Community users to be on the safe side.
Click here to see the full blog post
JuniorSilva30 last edited by
Showed a few minutes ago! I already changed my password! Thanks for informing!
I was automatically logged off, I thought something had happened!
Hmm, I haven't been logged out, though a "session mismatch" error showed up about an hour ago and I was logged out of the forums, but once I clicked on the "Login" button, I was logged back in without entering my credentials.
Chas4 last edited by
Changed mine, I was reading about Cloudbleed a few days ago.
@pafflick: That seems to be the "session are regenerated" part of the scenario above. Everything was good, except the session on the server. Clicking on "login" made you download and match to the new one generated by the server
luetage last edited by
Had to change password, no big deal. The only users who will encounter troubles are those that have no access to their backup email account.
cezar last edited by
greybeard last edited by
Could not log-in today so password is reset.
Though when I go from one page to another within Vivaldi it does not seem to recognize me (?!).
ugly last edited by
@luetage: That's the issue I'm having. I signed up (a different account from this ugly account) using my old myopera account. I forgot to change it after the service shut down. Now I'm locked out of my personal email account.
bfzoli79 last edited by gaelle
Somebody can for me to help?
@ugly: Maybe someone from the team will be able to modify it. Wait tomorrow, to see if they can (don't hesitate to file a bug, with a mail address you can access, so we can contact you)
TalGarik last edited by
@Cqoicebordel this is a real issue, it seems there is no way to change the back-up email, if - for whatever reason - you lose access to that, you lose access to your Vivaldi account too.
It is necessary to allow users to change their back-up e-mail.
GT500 last edited by
For those who are concerned about the issue, note that is was only exploitable on websites where the Cloudflare configuration had the following three options enabled (all three of them had to be turned on for the vulnerability to work):
- Email Obfuscation.
- Automatic HTTPS Rewrites.
- Server-side Excludes
More information is available at the following links:
Note that many websites using Cloudflare did not have all of these options enabled, and thus the scope of the vulnerability is considered to be rather small even though Cloudflare has a large number of customers.
g_bartsch last edited by
I thought "Nah, I won't be affected." But I was. That's not something that happens to me everyday. Thanks for catching the issue.
dLeon last edited by
This post is deleted!
fstjohn last edited by
burnout426 last edited by
Can any one recommend a good CDN ?
@Guardrail68 we're looking into it and will get back to you asap. Thanks for being patient with us.
@greybeard: sorry for the trouble. We're looking into it and will get back to you asap. Thanks for being patient with us.