[Updated] OpenSSL 'Heartbleed' Bug Leaks Sensitive Data


Website owners should move quickly to patch a critical vulnerability in the OpenSSL cryptographic software library.

The flaw, which was disclosed Monday, can be exploited to compromise the secret keys used to identify service providers and encrypt traffic, usernames, passwords and content. Dubbed 'Heartbleed' because the bug is in the OpenSSL implementation of the TLS/DTLS heartbeat extension (RFC6520), the vulnerability was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on March 14, 2012. OpenSSL versions 1.0.1 through 1.0.1f are vulnerable, but the latest version released Monday - 1.0.1g - is not.

"Looking only at web servers, it seems that OpenSSL 0.9.8 and 1.0.0 are still the most popular versions, which are not affected," said Mark Schloesser, security researcher for Rapid7. "However, we count at least a few hundred thousand servers using affected library versions, so it poses a significant threat. As the same problem affects other protocols/services such as mail servers and databases, we assume that, overall we're looking at millions of vulnerable systems connected to the public Internet."

According to an advisory from the OpenSSL Project, the issue comes down to a missing bounds check in the handling of the TLS heartbeat extension that can reveal up to 64K of memory to a connected client or server. However, the researchers that discovered the bug added that there technically is no 64K limit to the attack, as that limit applies only to a single heartbeat.

According to researchers at security vendor Codenomicon, who discovered the bug along with Neel Mehta from Google, an attacker can either keep reconnecting or keep requesting arbitrary numbers of 64 kilobyte chunks of memory content during an active TLS connection until enough secrets are revealed.

"We have tested some of our own services from attacker's perspective," Codenomicon noted in an FAQ on the findings. "We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."

TLS client certificate authentication does not mitigate the issue, nor does OpenSSL's FIPS mode, according to Codenomicon. However, using Perfect Forward Secrecy (PFS) should keep past communications from retrospective decryption.

A proof-of-concept exploit for the vulnerability has already made its way online. According to Fox-IT, Yahoo is among the sites vulnerable to attack.

"It is possible to detect successful exploitation of this vulnerability by inspecting the network traffic," blogged Joost Bijl of Fox-IT. "We have developed Snort signatures to detect successful exploitation of the ‘heartbleed bug’."

"This bug," he added, "affects both sides of the connection. Not only will client certificates not save you from having to update your server certificate, they can be read from the client (along with your username, password etc.) by any server you connect to. DNS poisoning, MitM etc. can be used to direct clients to a malicious server – it seems that this vulnerability can be exploited before the server has to authenticate itself."

"OpenSSL runs atop two of the most widely used Web servers, Apache and nginx, as well as email servers and chat services, VPN and other software that use the code library," Ken Westin, a security researcher with Tripwire, told SecurityWeek.

"Many devices that use embedded Linux including routers and other devices may also be susceptible," Westin said. "Attackers who exploit the vulnerability can monitor all data passing between a service and client, or decrypt historical encrypted data that has been collected. Many modern operating systems use vulnerable versions of OpenSSL including Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2."


Edited by F3dupsk1Nup
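The missing bounds check described in the article above, as an added example (not part of the original post and not OpenSSL's source): a simplified C model of a heartbeat handler for the RFC 6520 message layout (type, 2-byte payload_length, payload, at least 16 bytes of padding). The function names and the two sample messages are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_MIN_PAD  16   /* RFC 6520: at least 16 bytes of padding */

/* Constructed samples: type | payload_length (2 bytes) | payload | padding. */
static const uint8_t HONEST[3 + 5 + 16]    = {HB_REQUEST, 0x00, 0x05, 'h','e','l','l','o'};
static const uint8_t OVERSIZED[3 + 1 + 16] = {HB_REQUEST, 0xFF, 0xFF, 'A'};

/* Bytes past the end of the record that a handler trusting payload_length
 * would copy into its reply. Computed arithmetically; nothing is read. */
size_t hb_overread_if_unchecked(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 3)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t end = 3 + claimed;
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened handler: echoes the payload only if the claimed length fits inside
 * the bytes actually received. Returns the response length, or 0 when the
 * message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)   /* the bounds check */
        return 0;
    size_t resp_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);
    memset(out + 3 + claimed, 0, HB_MIN_PAD);     /* a real stack uses random padding */
    return resp_len;
}

int main(void)
{
    uint8_t out[64];
    printf("honest reply length: %zu\n",
           hb_build_response(HONEST, sizeof HONEST, out, sizeof out));
    printf("oversized reply length: %zu\n",
           hb_build_response(OVERSIZED, sizeof OVERSIZED, out, sizeof out));
    printf("bytes an unchecked copy would over-read: %zu\n",
           hb_overread_if_unchecked(OVERSIZED, sizeof OVERSIZED));
    return 0;
}
```

The 2-byte length field is what bounds a single over-read at roughly 64K, matching the per-heartbeat limit mentioned in the article.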

UPDATE–Site operators and software vendors are scrambling to fix the OpenSSL heartbleed bug revealed Monday, a vulnerability that enables an attacker to extract 64 KB of memory per request from a server. Attacks can leak private keys, usernames and passwords and other sensitive data, and some large sites, including Yahoo Mail and others, are vulnerable right now.

The vulnerability exists in OpenSSL 1.0.1f and older versions and the maintainers released a patch for the flaw on Monday. However, now that the details of the vulnerability are public, researchers have begun digging into it and several tools have been published to test various domains to see whether they’re vulnerable. Some high-profile sites, including Yahoo Mail, Lastpass, the OpenSSL site and the main FBI site have been confirmed to leak certain information via the bug. There also is a proof-of-concept exploit for the flaw posted on Github.

Lastpass officials said that they patched the vulnerability Tuesday morning, and that user data was never at risk. The company was running a vulnerable version of OpenSSL, but had other security measures in place that mitigated the risk.

“However, LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted – it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection. On the majority of the web, user data is not encrypted before being transmitted over SSL, hence the widespread concern,” the company said in a blog post.

“Also, LastPass has employed a feature called ‘perfect forward secrecy’. This ensures that when security keys are changed, past and future traffic also can’t be decrypted even when a particular security key is compromised.”

The vulnerability lies in the way that OpenSSL handles the heartbeat extension in the TLS protocol.

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users,” a description of the vulnerability written by Codenomicon says.

OpenSSL is perhaps the most widely deployed SSL library and appears in a wide variety of applications, including a number of Linux distributions. Red Hat and Ubuntu already have issued patches for the vulnerability.

But the larger problem is that many SSL certificates could be compromised now, as the secret key that protects a given certificate could be disclosed in an attack on this vulnerability. The process of revoking and reissuing those certificates could go on for a long time, depending upon how many organizations realize their sites are vulnerable and how quickly they respond.

“It’s a nightmare vulnerability, since it potentially leaks your long term secret key — the one that corresponds with your server certificate. Worse, there’s no way to tell if you’ve been exploited. That means the prudent thing to do now is revoke your certificate and get a new one. We’ll see how many people do that,” said cryptographer Matthew Green, a professor at Johns Hopkins University.

The vulnerability in OpenSSL appears to have been introduced two years ago. A test site that enables users to enter domains to check their vulnerability status has been up since Monday.

Ivan Ristic, director of application security research at Qualys, said that the OpenSSL heartbleed flaw is potentially quite damaging for many organizations because of the ease of exploitation and the implications of a successful attack.

“This vulnerability is very easy to exploit. It’s very easy to build from scratch (starting with the OpenSSL diff), and there are also several tools that can be downloaded and used, in a matter of minutes,” Ristic said.

“According to the SSL Pulse statistics, about 32% of the servers in that data set support TLS 1.2. Chances are most of them run OpenSSL, and are thus vulnerable. So that’s a very large number of servers. Because this is so easy to exploit, we’re already seeing many attacks. Servers that did not have Forward Secrecy are the most vulnerable, because a serious adversary, who has a recording of the encrypted site traffic, might now be able to easily recover the site’s private key and use it to decrypt traffic retroactively.”

This article was updated on April 8 to include information from Lastpass.



I do hope nsane is not vulnerable now! :unsure:

Here's a set of vulnerable sites-


I think we all should change our passwords for almost every site. Just to be safe. :)

Thanks for the list mate.. I'm password resetting now for all my log-ins.. Just to be safe :)

Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem

The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.

The nature of the vulnerability in OpenSSL is such that an attacker can exploit the vulnerability without the site operator knowing. The flaw lies in the way that the OpenSSL library handles the heartbeat extensions for TLS and it exists in many versions of the software. OpenSSL is deployed on a huge number of sites, roughly two-thirds of the Web by some estimates, and although the OpenSSL Foundation has released a fixed version, it could be some time before the majority of sites are patched.

Experts say that the ambiguity surrounding exploitation of the OpenSSL vulnerability adds an unwelcome layer to an already troubling security problem.

“It’s a nightmare vulnerability, since it potentially leaks your long term secret key — the one that corresponds with your server certificate. Worse, there’s no way to tell if you’ve been exploited. That means the prudent thing to do now is revoke your certificate and get a new one. We’ll see how many people do that,” said cryptographer Matthew Green, a professor at Johns Hopkins University.

Officials at Mozilla acknowledged this quandary in their advisory on the heartbleed vulnerability, which affected some of the organization’s systems running Firefox Persona and Firefox Accounts. Those systems run on Amazon Web Services using OpenSSL.

“Because these TLS connections terminated on Amazon ELBs instead of the backend servers, the data that could have been exposed to potential attackers was limited to data on the ELBs: TLS private keys and the plaintext contents of encrypted messages in transit,” Sid Stamm, senior manager of security and privacy engineering at Mozilla, said in a blog post.

“We have no evidence that any of our servers or user data has been compromised, but the Heartbleed attack is very subtle and leaves no evidence by design. At this time, we do not know whether these attacks have been used against our infrastructure or not. We are taking this vulnerability very seriously and are working quickly to validate the extent of its impact.”

The way that the OpenSSL heartbleed vulnerability works, an attacker who successfully exploits the bug can read up to 64KB of memory from a vulnerable machine, per request. Depending upon the circumstances, the attacker may be able to retrieve a server’s private key or other sensitive data.

Researchers have confirmed that Android devices running versions 4.1.0 and 4.1.1 also are vulnerable. The heartbeat extension was disabled in Android 4.2.


Edited by F3dupsk1Nup
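On detection by traffic inspection, which the Fox-IT quote earlier in the thread mentions: an added example (not Fox-IT's Snort signatures and not from any post here) that walks the cleartext TLS record headers of one TCP connection and flags an endpoint that sent more heartbeat bytes than it received. The function names, the 32-byte slack and the sample streams are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HEARTBEAT 24   /* TLS record content type for heartbeat (RFC 6520) */
#define HB_SLACK      32   /* assumed tolerance for padding differences, in bytes */

/* Constructed samples; record bodies are opaque (encrypted) bytes, left as zeros. */
static const uint8_t INBOUND[7 + 5 + 24]  = {22,3,2,0,2,0xAA,0xBB, 24,3,2,0,24};
static const uint8_t OUT_BALANCED[5 + 24] = {24,3,2,0,24};
static const uint8_t OUT_LEAK[5 + 200]    = {24,3,2,0,200};
static const uint8_t TRUNCATED[10]        = {24,3,2,0,50};

/* Sums the body lengths of heartbeat records in one direction of a
 * TLS-over-TCP stream. Only the 5-byte record header (type, version, length)
 * is read, so it works on encrypted traffic. Returns -1 on a truncated or
 * non-TLS stream. */
long heartbeat_bytes(const uint8_t *s, size_t n)
{
    long total = 0;
    size_t off = 0;
    while (off < n) {
        if (n - off < 5 || s[off + 1] != 3)
            return -1;
        size_t len = ((size_t)s[off + 3] << 8) | s[off + 4];
        if (len > n - off - 5)
            return -1;
        if (s[off] == TLS_HEARTBEAT)
            total += (long)len;
        off += 5 + len;
    }
    return total;
}

/* 1 if the monitored endpoint sent noticeably more heartbeat data than it
 * received, 0 if not, -1 if either direction could not be parsed. An endpoint
 * whose own heartbeat requests go unanswered also trips this check. */
int heartbeat_leak_suspected(const uint8_t *in, size_t in_len,
                             const uint8_t *out, size_t out_len)
{
    long rx = heartbeat_bytes(in, in_len);
    long tx = heartbeat_bytes(out, out_len);
    if (rx < 0 || tx < 0)
        return -1;
    return tx > rx + HB_SLACK;
}

int main(void)
{
    printf("balanced exchange: %d\n", heartbeat_leak_suspected(
           INBOUND, sizeof INBOUND, OUT_BALANCED, sizeof OUT_BALANCED));
    printf("oversized reply: %d\n", heartbeat_leak_suspected(
           INBOUND, sizeof INBOUND, OUT_LEAK, sizeof OUT_LEAK));
    printf("truncated capture: %ld\n", heartbeat_bytes(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

Because the bug affects both sides of a connection, the same check applies to a client by treating the client as the monitored endpoint.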

Here's another tool site for checking web addy's for heartbleed...


By the way, www,yahoo,com (I did not use commas when I checked the site, lol) has the heartbleed on main page but the email is fixed already.


Heartbleed: Facebook, Twitter, Amazon and Google react to gaping security hole.

Technology vendors have moved to allay customers' concerns about the newly discovered Heartbleed flaw in the OpenSSL implementation of the transport layer security (TLS) protocol.

The security vulnerability was discovered by researchers with a Finnish company called Codenomicon and is believed to affect millions of web servers around the world.

Though the US Computer Emergency Response Team (CERT) has published a list of all known affected companies, the full scale of the flaw remains unknown. Its potential for harm is significant as OpenSSL encryption is used by open-source web servers such as Apache and Nginx, which host 66 percent of all sites.

V3 has collected statements and guidance from key companies to help ascertain the full impact of the Heartbleed flaw.

"We added protections for Facebook's implementations of OpenSSL before this issue was publicly disclosed, and we haven't detected any signs of suspicious activity on people's accounts. We're continuing to monitor the situation closely."

"Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows' implementation of SSL/TLS was also not impacted."

"We've assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine."

Google also confirmed the vulnerability affects its Cloud SQL, Compute Engine, Search Appliance and Android services, but promised patches will arrive for them in the very near future.

The Android vulnerability oddly only affects the 4.1.1 Jelly Bean version. The Cloud SQL and Google Compute Engine fixes will be slightly more complex to fix and require separate actions from users.

As explained by Google: “We are currently patching Cloud SQL, with the patch rolling out to all instances today and tomorrow. In the meantime, users should use the IP whitelisting function to ensure that only known hosts can access their instances.

“[Google Compute Engine] customers need to manually update OpenSSL on each running instance or should replace any existing images with versions including an updated OpenSSL. Once updated, each instance should be rebooted to ensure all running processes are using the updated SSL library.”

Amazon has warned customers that the vulnerability affects its Elastic Load Balancing, Amazon Elastic Compute Cloud (EC2), AWS OpsWorks, AWS Elastic Beanstalk and Amazon CloudFront services.

The Elastic Load Balancing components affected by the flaw have been updated, though Amazon recommended: “As an added precaution, we recommend that you rotate your SSL certificates using the information provided in the Elastic Load Balancing documentation.”

The firm also recommended: “Amazon EC2 customers using OpenSSL on their own Linux images should update their images in order to protect themselves from the Heartbleed bug.”

An update is available for AWS OpsWorks and it has already successfully mitigated the issue affecting its CloudFront service.

The company’s AWS Elastic Beanstalk is the only service that remains unfixed, though Amazon confirmed: “We are working with a small number of customers to assist them in updating their SSL-enabled single-instance environments that are affected by this bug.”

"On 7 April 2014 we were made aware of a critical vulnerability in OpenSSL (CVE-2014-0160), the security library that is widely used across the internet and at Twitter. We were able to determine that twitter.com and api.twitter.com servers were not affected by this vulnerability. We are continuing to monitor the situation."

The firm said: "The Cisco Product Security Incident Response Team (PSIRT) is currently investigating which Cisco products are affected by this vulnerability. Cisco Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products was just published and already includes information on vulnerable products and others confirmed not vulnerable.

"The advisory will be updated as additional information about other products becomes available. Cisco will release free software updates that address these vulnerabilities. Any updates specifically related to Cisco will be communicated according to the Cisco Security Vulnerability Policy."

"We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue. But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," Tumblr said.

"This might be a good day to call in sick and take some time to change your passwords everywhere – especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."

"Following a comprehensive review of all our services, our security teams did identify a handful of businesses that we recommend upgrade their Payflow Gateway integrations to eliminate the risk of vulnerability. The Payflow Gateway is a payment gateway for online merchants that links your website to your processing network or merchant account," said PayPal.

"We have already been in touch with the merchants who could potentially be affected and are working with them to upgrade their integrations."


Edited by F3dupsk1Nup

I definitely think the NSA might have taken undue advantage of this bug. This bug has been around for last 2 years, they might have exploited it several times.


I definitely think the NSA might have taken undue advantage of this bug. This bug has been around for last 2 years, they might have exploited it several times.

Have a read of This, it's a good read about the NSA's possible involvement..

Edited by F3dupsk1Nup

BlackBerry, Cisco Products Vulnerable to OpenSSL Bug : Source

Edited by F3dupsk1Nup

Heartbleed = Session hijacking via cookie stealing and many other things, that's great!


Edited by J.C

“I am responsible”: Heartbleed developer breaks silence : Source

Edited by F3dupsk1Nup