
Cyber Security Info

Critical OpenSSL vulnerability

April 8, 2014


A vulnerability in the Heartbeat extension of OpenSSL allows an attacker to access 64 kB of memory on the client or server computer. This may compromise the security of encryption keys or session cookies. The vulnerability affects OpenSSL versions 1.0.1 to 1.0.1f and was patched in the recently issued OpenSSL 1.0.1g. That means that almost two thirds of web services that use OpenSSL as their TLS implementation have been vulnerable since 2011, when version 1.0.1 was introduced. Even a swift application of the 1.0.1g update does not mean you are safe: the attacker may have compromised your encryption keys long ago without leaving any trace.
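To check an inventory against the version range given above, the following Python example (added here, not part of the original notice) classifies the text printed by `openssl version -a`. The function names, status labels and sample outputs are constructed for illustration; the example also assumes that a build compiled with `-DOPENSSL_NO_HEARTBEATS` has the Heartbeat extension disabled.

```python
import re

# Matches e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" or "OpenSSL 1.0.2-beta1 ...".
_VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|dev|pre)\w*)?"
)


def classify(version_output: str) -> str:
    """Classify `openssl version -a` output against the advisory's range.

    Returns "affected", "not-affected", "heartbeat-disabled" or "unknown".
    """
    m = _VERSION_RE.search(version_output)
    if not m:
        return "unknown"            # not an OpenSSL banner we can parse
    if m.group(5):
        return "unknown"            # pre-release builds are not covered by the notice
    series = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)             # "" for the plain 1.0.1 release
    if series != (1, 0, 1):
        return "not-affected"       # outside the 1.0.1 series named in the notice
    if letter >= "g":
        return "not-affected"       # 1.0.1g carries the fix
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat-disabled"  # extension compiled out of this build
    return "affected"               # 1.0.1 through 1.0.1f


def audit(inventory: dict) -> dict:
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (host names and banner text are made up).
SAMPLES = {
    "web01": "OpenSSL 1.0.1e-fips 11 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS -O2",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -DOPENSSL_THREADS -O2",
    "mail01": "OpenSSL 1.0.1f 6 Jan 2014\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS -O2",
    "legacy01": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -O2",
    "lab01": "OpenSSL 1.0.2-beta1 24 Feb 2014\ncompiler: gcc -O2",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

Distribution packages can carry a backported fix under an unchanged version string, so confirm an "affected" result against the vendor's package advisory before acting on it.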
