Showing posts from May, 2014

Heartbleed

Heartbleed is a vulnerability identified in OpenSSL, a very well-known library that is widely used to implement TLS-level security. Heartbleed affects a user who runs a vulnerable OpenSSL instance on either the client side or the server side. Note that only a number of OpenSSL versions are reported as affected by the vulnerability:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
- OpenSSL 0.9.7 branch is NOT vulnerable

CVE-2014-0160 is the official name for this vulnerability. These vulnerability names are maintained by CVE (http://cve.mitre.org/).
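
A version check built from the list above, as an added example that is not part of the original post. The function name `classify_openssl` and the sample banner strings are constructed for illustration, and versions the post does not list are reported as "not listed" rather than guessed.

```python
import re

# Matches "1.0.1e" inside banners such as "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION_RE = re.compile(r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Branches the post lists as NOT vulnerable in their entirety.
_SAFE_BRANCHES = {(1, 0, 0), (0, 9, 8), (0, 9, 7)}


def classify_openssl(version_string):
    """Classify an OpenSSL version string against CVE-2014-0160.

    Returns 'vulnerable', 'not vulnerable' or 'not listed'.
    """
    match = _VERSION_RE.search(version_string)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % version_string)
    branch = tuple(int(part) for part in match.group(1, 2, 3))
    letter = match.group(4)  # '' for plain 1.0.1, 'a'..'f', 'g', ...

    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g carries the
        # fix, and later letter releases are treated as fixed too.
        return "vulnerable" if letter < "g" else "not vulnerable"
    if branch in _SAFE_BRANCHES:
        return "not vulnerable"
    # Anything else is outside the list in the post: do not guess.
    return "not listed"


if __name__ == "__main__":
    # Constructed sample banners in the style printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.1 14 Mar 2012",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1f 6 Jan 2014",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.0l 6 Jan 2014",
        "OpenSSL 0.9.8y 5 Feb 2013",
    ]
    for banner in samples:
        print("%-36s %s" % (banner, classify_openssl(banner)))
```

Distribution packages can carry a backported fix under an unchanged version string, so a "vulnerable" result from the banner alone should be confirmed against the vendor's advisory for that package.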

What actually happened?
When Heartbleed is exploited, it leads to a leak of memory information from the server to the client and from the client to the server. RFC 6520 covers Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The RFC 6520 heartbeat extension provides a link to send heartb…