OpenSSL Heartbeat Information Disclosure Vulnerability

Last Update Date: 16 Apr 2014

Release Date: 8 Apr 2014

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in OpenSSL. A remote, unauthenticated attacker may be able to retrieve sensitive information, such as secret keys. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks on network traffic that would otherwise be protected by OpenSSL.  

 

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

 

For details about the impact and how to verify whether your server or device is affected, please refer to our blog article:

/my_url/blog/14041501

 

Note: This vulnerability is being actively exploited in the wild.


Impact

  • Information Disclosure
  • Spoofing

System / Technologies affected

 


Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link