Which of my Firefox passwords might have been compromised by Cloudflare’s memory leak?

February 24th, 2017

Yesterday the internet learned that Cloudflare had been randomly spewing the contents of some connections through their services into other HTTP responses. What fun! Now we need to change all our passwords, rotate our keys, expire sessions, etc. because someone used C code in a sensitive context. But I have hundreds of passwords, and I don't want to change all of them. Here's how I found a set of candidates that could have been affected, using Firefox's password store.

Update 2017-02-24: Uses later date to only check sites in high-risk period.

Update 2017-02-24: Now actually checks if each identified site currently uses Cloudflare, and uses later date.

Read full entry »