by perlgeek 3391 days ago
The trouble with this sort of bug is that we'll likely never know.

Some people's accounts will be compromised, and nobody will know if it's been due to phishing, insecure passwords, or an information leak such as the Cloudflare bug, or an undisclosed or undiscovered breach somewhere.

The more responsible Cloudflare customers have invalidated existing sessions; that's much less hassle than forcing a password reset, and since session tokens are transmitted in every request, a leaked token is much more likely than a leaked password.

1 comments

> nobody will know if it's been due to phishing, insecure passwords, or an information leak such as the Cloudflare bug, or an undisclosed or undiscovered breach somewhere

"Not measurable over the background noise" is a pretty workable definition of "no fallout".

The problem is that you can't magically measure it separately from the background noise. It becomes part of the background noise.

Lacking tools to measure an effect doesn't mean it has no effect.