Heartbleed

Heartbleed is a vulnerability in some implementations of OpenSSL. Because OpenSSL is used by approximately 66% of all active websites on the Internet, many experts have called Heartbleed one of the worst security bugs in the history of the Internet.


The vulnerability, which is more formally known as CVE-2014-0160, allows an attacker to read up to 64 kilobytes of memory per attack on any connected client or server. Heartbleed got its name because it is a flaw in OpenSSL's implementation of the Heartbeat Extension for the TLS and DTLS protocols (RFC 6520). 

The vulnerability, which is caused by poorly written code, was discovered on the same day by Google and Codenomicon security researchers. The researchers quickly realized that an attacker could exploit the bug to expose encrypted content, usernames, passwords, and private keys for X.509 certificates.

Heartbleed vulnerabilities exist in all versions of OpenSSL released between March 2012 and April 2014, at which time the software defect was corrected and OpenSSL version 1.0.1g was released. To lessen the potential negative effects of Heartbleed, OpenSSL.org recommends that enterprises upgrade to the most recent version of OpenSSL and reissue X.509 certificates with new keys.  
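The defect itself was a missing bounds check: a heartbeat request carries a 16-bit payload_length field, and the affected releases echoed that many bytes back without confirming the request actually contained them. The following is an added example, not OpenSSL's code, that parses a TLS heartbeat record and applies the check the fix introduced (the message must hold its header, the declared payload and at least 16 bytes of padding), so a malformed request is rejected instead of answered; the sample records are constructed here for illustration.

```python
import struct

TLS_HEARTBEAT = 24              # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2  # HeartbeatMessageType values
MIN_PADDING = 16                # RFC 6520: at least 16 bytes of padding

def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, fragment)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("record length field exceeds the bytes received")
    return content_type, version, fragment

def check_heartbeat(fragment: bytes) -> dict:
    """Apply the bounds check the affected OpenSSL releases lacked: type(1) +
    payload_length(2) + payload + 16 bytes of padding must fit in the fragment."""
    if len(fragment) < 3:
        raise ValueError("heartbeat shorter than its 3-byte header")
    hb_type = fragment[0]
    (payload_length,) = struct.unpack("!H", fragment[1:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        raise ValueError(f"unknown heartbeat type {hb_type}")
    if 1 + 2 + payload_length + MIN_PADDING > len(fragment):
        # A responder that trusted payload_length here would copy bytes
        # from beyond the request buffer into its reply.
        raise ValueError(f"payload_length {payload_length} exceeds "
                         f"{len(fragment)}-byte fragment")
    return {"type": hb_type, "payload": fragment[3:3 + payload_length]}

def classify_record(data: bytes) -> str:
    """Return 'ok', 'not-heartbeat' or 'malformed' for one raw TLS record."""
    try:
        content_type, _version, fragment = parse_tls_record(data)
        if content_type != TLS_HEARTBEAT:
            return "not-heartbeat"
        check_heartbeat(fragment)
        return "ok"
    except ValueError:
        return "malformed"

# Constructed sample records (TLS 1.1 version bytes 03 02), not real captures.
PAYLOAD = b"hello"
GOOD = b"\x18\x03\x02\x00\x18" + b"\x01\x00\x05" + PAYLOAD + b"\x00" * 16
BAD = b"\x18\x03\x02\x00\x18" + b"\x01\x40\x00" + PAYLOAD + b"\x00" * 16
APP_DATA = b"\x17\x03\x02\x00\x01\x00"
```

The same check is what a patched OpenSSL performs before building its reply; an unpatched responder would trust the 16384-byte length in the second sample and answer with memory it never received.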

All Internet users have been advised to change the passwords they use for Web sites.

See also: memory scraping malware, bug bounty program, crowdsource testing

This was first published in April 2014
