• I’m just posting this as a general announcement — it is not a problem with Cloudflare or the Cloudflare plugin, but rather an outside security problem that could impact Cloudflare users who also use the Chrome browser and certain Chrome extensions.

    There was a report yesterday on the Wordfence Blog that several Chrome Extensions were compromised in June, July, and August by a hacker that modified the extensions to insert malicious JavaScript, that in turn was set up to steal Cloudflare credentials. So basically if you use one of these extensions, your Cloudflare login and API may have been stolen.

    Here is a list of the extensions that were compromised:

    Web Developer – Version 0.4.9 affected
    Chrometana – Version 1.1.3 affected
    Infinity New Tab – Version 3.12.3 affected
    CopyFish – Version 2.8.5 affected
    Web Paint – Version 1.2.1 affected
    Social Fixer 20.1.1 affected
    TouchVPN appears to have been affected but the version is unclear
    Betternet VPN also appears to have been affected but no version was provided

    The blog post explains:

    Once the attacker has a site owner’s Cloudflare credentials, they can perform a variety of malicious actions. This includes modifying a website’s DNS entry to point the site at the attacker’s own server. The API call they would make to do this is the “Update DNS record” function in the Cloudflare API.

    Fortunately, there have apparently been no reports of any actual attacks on Cloudflare accounts, as of yet — but it could be possible that the bad guys are planning a future attack of some sort.

    More info here: https://www.wordfence.com/blog/2017/08/chrome-browser-extension-attacks/

    Basically if you use Chrome to manage your Cloudflare account and also have any of the extensions listed, you should change both your account password and the Cloudflare API. Apparently the API can be used along with username to access your account without the password, so you need to change both. (Just go to “My Profile” on the Cloudflare dashboard)

    The good news is that it took me less than 2 minutes to make these changes from the Cloudflare dashboard. Obviously if you are also using the Cloudflare plugin for WordPress, you will need to update the API key in the plugin settings as well.

    I haven’t seen an announcement from Cloudflare about this, so I don’t know how serious the threat is. But I just thought I would share this info.

    More technical details in this blog post:
    https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree

    • This topic was modified 6 years, 8 months ago by Abigailm.
  • The topic ‘Possible security issue for cloudflare users’ is closed to new replies.
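
A defender-side check for the extension list in the post, as an added example that is not part of the original post or of the Wordfence write-up: it walks a Chrome profile's `Extensions` directory (laid out as `<extension id>/<version>_<n>/manifest.json`), resolves localized names, and flags name matches against the listed versions. Matching on the display name is a heuristic assumed here because the post gives no extension IDs, and the sample folders in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path

# Names/versions as listed in the post; None = the post gives no version.
COMPROMISED = {"Web Developer": "0.4.9", "Chrometana": "1.1.3",
               "Infinity New Tab": "3.12.3", "CopyFish": "2.8.5",
               "Web Paint": "1.2.1", "Social Fixer": "20.1.1",
               "TouchVPN": None, "Betternet VPN": None}

def load(path):
    """Read a JSON file, tolerating a BOM; return {} if unreadable."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}

def display_name(version_dir, manifest):
    """Resolve a __MSG_key__ name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load(version_dir / "_locales" / locale / "messages.json")
        for key, entry in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return entry.get("message", name)
    return name

def scan(extensions_dir):
    """Return (listed name, installed version, status) for each name match."""
    hits = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load(mf)
        name = display_name(mf.parent, manifest)
        version = manifest.get("version", "")
        for listed, bad in COMPROMISED.items():
            if listed.lower() in name.lower():  # heuristic: name match only
                status = ("no version in post" if bad is None else
                          "affected version" if version == bad else "other version")
                hits.append((listed, version, status))
    return hits

def demo():
    """Constructed sample profile: two fake extension folders, then scan them."""
    root = Path(tempfile.mkdtemp())
    files = {"aaaa/2.8.5_0/manifest.json": {"name": "__MSG_appName__", "version": "2.8.5", "default_locale": "en"},
             "aaaa/2.8.5_0/_locales/en/messages.json": {"appName": {"message": "Copyfish Free OCR"}},
             "bbbb/1.2.0_0/manifest.json": {"name": "Chrometana", "version": "1.2.0"}}
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(json.dumps(body))
    return scan(root)
```

Point `scan()` at the `Extensions` folder of the Chrome profile you use for the Cloudflare dashboard; a name match on any version is still worth a manual look, since the substring match can also catch unrelated extensions with similar names.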