
OpenSSL Heartbeat Information Disclosure (Heartbleed)

Severity: High

Synopsis

The remote service is affected by an information disclosure vulnerability.

Description

The remote host is configured with the TLS heartbeat message feature and appears to be affected by an out-of-bounds read flaw. This flaw could allow a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords, private keys, and other sensitive data.

Solution

Upgrade to OpenSSL 1.0.1g or later. Alternatively, recompile OpenSSL with the '-DOPENSSL_NO_HEARTBEATS' flag to disable the vulnerable functionality.
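
A local check of the two remediations above, as an added example that is not part of the original advisory or of any scanner's own code. It classifies the text printed by `openssl version -a`; the function name and result labels are this example's own. It assumes upstream version strings, so a distribution package that backports the fix under an older version string is reported as `needs-upgrade`.

```shell
#!/bin/sh
# Added example. Classifies `openssl version -a` output against the two
# remediations on this page: version 1.0.1g or later, or a build compiled
# with -DOPENSSL_NO_HEARTBEATS. Result labels are this example's own.
classify_openssl() {
    info=$(cat)
    # First line looks like: "OpenSSL 1.0.1f 6 Jan 2014"
    token=$(printf '%s\n' "$info" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    # Only plain release strings (1.0.1f, 3.0.13) are judged; pre-release or
    # vendor-suffixed strings are reported as unknown rather than guessed.
    printf '%s\n' "$token" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$' \
        || { echo unknown; return 0; }
    num=${token%%[a-z]*}        # numeric part, e.g. 1.0.1
    letter=${token#"$num"}      # patch letter, e.g. f (may be empty)
    maj=${num%%.*}; rest=${num#*.}; min=${rest%%.*}; fix=${rest#*.}
    rank=$(( maj * 1000000 + min * 1000 + fix ))
    if [ "$rank" -gt 1000001 ]; then echo fixed; return 0; fi
    # Releases older than 1.0.1 are outside what this page covers.
    if [ "$rank" -lt 1000001 ]; then echo not-covered; return 0; fi
    case "$letter" in
        ""|[a-f]) ;;                    # 1.0.1 series, before 1.0.1g
        *) echo fixed; return 0 ;;      # 1.0.1g or a later letter
    esac
    # Build flags appear on the "compiler:" line of `openssl version -a`.
    case "$info" in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeats-disabled ;;
        *) echo needs-upgrade ;;
    esac
}

# Constructed sample input, not captured from a real host.
sample='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O2'
printf '%s\n' "$sample" | classify_openssl
# Live use: openssl version -a | classify_openssl
```

The `openssl` binary on the PATH is not necessarily the library the flagged service links against, so run the check against the OpenSSL build that service actually loads.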