Heartbleed Bug: Serious Vulnerability in OpenSSL
Heartbleed Bug is a critical vulnerability in the OpenSSL library, allowing attackers to steal sensitive information protected by SSL/TLS encryption. Learn how this bug works, where it was used, why it was made, and what data was leaked. Explore resources for understanding and fixing the Heartbleed Bug.
Uploaded on Feb 25, 2025
Heartbleed By: Jace Alexander
What is Heartbleed? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
How it works? A Heartbleed attack lets an attacker retrieve a block of the server's memory, up to 64kb, directly in the vulnerable server's response to a malicious heartbeat request, and there is no limit on the number of attacks that can be performed.
Where was it used? The bug was in OpenSSL's implementation of the TLS/DTLS heartbeat extension. It allows attackers to read portions of the affected server's memory, potentially revealing users' data that the server did not intend to reveal.
Why was it made? The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When exploited, it leads to the leak of memory contents from the server to the client and from the client to the server.
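The length check that RFC 6520 requires, as an added example (not part of the original presentation and not OpenSSL's code): a heartbeat message carries a 1-byte type, a 2-byte payload_length, the payload and at least 16 bytes of padding, and a receiver must silently discard a message whose claimed length does not fit in the record that arrived. The function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

/* Constructed 23-byte records: header, "ping", 16 zero bytes standing in for padding. */
const uint8_t HB_OK[23]  = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'}; /* claims 4 bytes */
const uint8_t HB_BAD[23] = {0x01, 0xFF, 0xFF, 'p', 'i', 'n', 'g'}; /* claims 65535 bytes */

/* Length the sender claims, read from the 16-bit big-endian field. */
static long hb_claimed_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN)
        return -1;
    return ((long)rec[1] << 8) | rec[2];
}

/* Bytes a responder that trusts the claimed length would read past the end
 * of the received record (0 means the claim fits). Computed, never read. */
long hb_overread_if_trusted(const uint8_t *rec, size_t rec_len)
{
    long claimed = hb_claimed_len(rec, rec_len);
    if (claimed < 0)
        return 0; /* too short to carry a length field */
    long end = HB_HEADER_LEN + claimed;
    return end > (long)rec_len ? end - (long)rec_len : 0;
}

/* Checked form: number of payload bytes safe to echo back,
 * or -1 when the message must be silently discarded. */
long hb_checked_echo_len(const uint8_t *rec, size_t rec_len)
{
    long claimed = hb_claimed_len(rec, rec_len);
    if (claimed < 0)
        return -1;
    if ((size_t)(HB_HEADER_LEN + claimed + HB_MIN_PADDING) > rec_len)
        return -1;
    return claimed;
}

int main(void)
{
    printf("ok:  echo=%ld overread=%ld\n", hb_checked_echo_len(HB_OK, sizeof HB_OK), hb_overread_if_trusted(HB_OK, sizeof HB_OK));
    printf("bad: echo=%ld overread=%ld\n", hb_checked_echo_len(HB_BAD, sizeof HB_BAD), hb_overread_if_trusted(HB_BAD, sizeof HB_BAD));
    return 0;
}
```

The overread figure for the second record is the amount of adjacent process memory that would end up in a response if the claimed length were trusted; the checked form discards that record instead.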
What was being leaked? Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets into four categories: 1) primary key material, 2) secondary key material, 3) protected content and 4) collateral.
Resources
Fruhlinger, J. (2017, September 13). What is the Heartbleed bug, how does it work and how was it fixed? Retrieved from https://www.csoonline.com/article/3223203/vulnerabilities/what-is-the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html
Kumar, M. (2014, April 17). HeartBleed Bug Explained - 10 Most Frequently Asked Questions. Retrieved from https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html
Synopsys, Inc. http://www.synopsys.com/. (n.d.). Heartbleed Bug. Retrieved from http://heartbleed.com/