The Heartbleed Bug and TLS/SSL Vulnerability

the heartbleed bug and attack n.w
1 / 8
Embed
Share

Learn about the Heartbleed bug, its impact on TLS/SSL protocols, how the attack is launched, and steps to fix it. Explore the risks and consequences associated with this vulnerability.

  • Heartbleed Bug
  • TLS/SSL
  • Vulnerability
  • Cybersecurity
  • Attack
rayaanacharya
koep_o Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. The Heartbleed Bug and Attack

  2. Background: the Heartbeat Protocol TLS/SSL protocols provide a secure channel between two communicating applications TLS/SSL is widely used Heartbeat extension: implement keep-alive feature of TLS. Heartbleed bug is an implementation flaw in TLS/SSL heartbeat extension.

  3. How Response Packet is Constructed Problem: how much is copied depends on the value contained in the payload length field. What if this value is larger than the actual payload size?

  4. Launch the Attack Attack results: Some data from the server s memory also got copied into the response packet, which will be sent out

  5. Launch the Heartbleed Attack 0x0016 (22) is placed in the length field. Which exactly matches with the actual length of the payload. We play with this length field to perform our attack in the next slide

  6. Launch the Heartbleed Attack We got some secret from the server

  7. Fixing the Heartbleed Bug Simply update your system s OpenSSL library. The following two commands can be used for it: The following code shows how the OpenSSL library is fixed

  8. Summary Heartbeat protocol The flaw in the heartbeat protocol Heartbleed bug How to launch the attack

Related


Eidetic Systems and Motivation in Technology

Eidetic Systems and Motivation in Technology

ander
Enhancing Security with Efficient Intra-App Compartmentalization

Enhancing Security with Efficient Intra-App Compartmentalization

jaer997
In-Process Isolation with Memory Protection Keys

In-Process Isolation with Memory Protection Keys

hjil
Heartbleed Bug: Serious Vulnerability in OpenSSL

Heartbleed Bug: Serious Vulnerability in OpenSSL

navarrette_n
Heartbleed Security Bug and Buffer Overflow Vulnerabilities

Heartbleed Security Bug and Buffer Overflow Vulnerabilities

elodees

More Related Content