Jump to content


Photo

HPR - HPR1491: Heartbleed


  • Please log in to reply
No replies to this topic

#1 BINREV SPYD3R

BINREV SPYD3R

    Live to Hack...Hack to Live.

  • Members
  • 2,459 posts

Posted 20 April 2014 - 07:00 PM

The "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) is a bounds checkingerror in the heartbeat implementation that could return up to 64K of privatedata to the client. This can lead to server certificate private keys, sessioncookies, clear text passwords, or other sensitive data being leaked from theserver to the client. This vulnerability exists in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2 beta.It is important for server administrators to update OpenSSL as soon as possibleand take steps to secure any private data which may have been leaked. This mayinclude updating server certificates and revoking certificates that may havebeen compromised.Users should ensure that web sites they use have been secured and should updatepasswords or other authentication information.CVE info: http://www.cve.mitre...e=CVE-2014-0160

Go to this episode




BinRev is hosted by the great people at Lunarpages!