A potentially serious 0-day attack has been disclosed affecting many websites employing OpenSSL (versions 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1 and 1.0.2-beta) for their HTTPS implementations. The heartbleed vulnerability CVE-2014-0160, allows an attacker to query up to 64kB of data from the server’s volatile memory. The information could include sensitive data, encryption keys, anything that your applications have placed in memory. Disclosure of this data to an attacker may not be detectable by the victim.
This is a confirmed ...Continue Reading → Share