Posts Tagged ‘hearbleed dump’

SSL HeartBleed – how to fetch confidential information from web server


        SSL HeartBleed (CVE-2014-0160) – this is know security vulnerability bug in OpenSSL protocol of version 1.0.1 through 1.0.1f and 1.0.2-beta.

        A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.

        I am not going to explain what this bug can do or how it present in protocol side of SSL. More detail about it you can find on official US Government web site US-CERT [ United states computer emergency readiness team ] and HeartBleed web site.

Continue reading “SSL HeartBleed – how to fetch confidential information from web server” »