Description
Heartbleed (CVE-2014-0160) is a critical vulnerability in the OpenSSL cryptography library, which implements the Transport Layer Security (TLS) protocol. It is a buffer over-read in the TLS/DTLS heartbeat extension (RFC 6520) in OpenSSL 1.0.1 through 1.0.1f: the heartbeat handler copies as many bytes into its response as the request's payload_length field claims, without checking that that many bytes were actually received. An attacker who sends a heartbeat request with a tiny payload and a large declared length therefore receives up to 64 KB of the peer's process memory per request, which can include private keys, session cookies, credentials and other plaintext the process was handling. No authentication is needed, the request typically leaves no trace in application logs, and both servers and clients that use a vulnerable OpenSSL are affected.
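The mechanism above, as an added example that is not OpenSSL's source: a simplified model of the heartbeat handler in which the record is parsed the way the vulnerable code did (trust payload_length, memcpy that many bytes) beside the same handler with the bounds check the fix introduced. The arena, the "hi" payload, the SESSION= string standing in for adjacent secret memory, and the zero padding in place of OpenSSL's random padding are all constructed for this example.

```c
/* Added example (not OpenSSL's code): a model of the TLS heartbeat handler.
 * Heartbeat message layout (RFC 6520):
 *   type(1) | payload_length(2) | payload | padding(>=16)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16
#define ARENA_SIZE  256

/* Simulated process memory: the received record sits at the front and
 * unrelated sensitive data (constructed) sits right after it, as it might
 * on a real heap. Keeping everything inside one array keeps the model's
 * over-read in defined memory; the real bug read whatever followed. */
static unsigned char arena[ARENA_SIZE];
static const char secret[] = "SESSION=deadbeef;";   /* constructed secret */

/* Place a heartbeat request with a 2-byte payload ("hi") at arena[0] but
 * with an attacker-chosen payload_length. Returns the true record length. */
static size_t setup_arena(uint16_t declared_len) {
    const char payload[] = "hi";
    size_t plen = sizeof payload - 1;
    size_t rec_len = 1 + 2 + plen + HB_PADDING;
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(declared_len >> 8);
    arena[2] = (unsigned char)(declared_len & 0xff);
    memcpy(&arena[3], payload, plen);
    memcpy(&arena[rec_len], secret, sizeof secret - 1);  /* "adjacent" memory */
    return rec_len;
}

/* 1 if needle occurs anywhere in buf[0..n). */
static int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Vulnerable handler: takes payload_length from the record and copies that
 * many bytes without comparing it to the length actually received. */
static size_t heartbeat_vuln(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap) {
    (void)rec_len;                                   /* never consulted: the bug */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    size_t need = 1 + 2 + (size_t)payload + HB_PADDING;
    if (need > out_cap) return 0;                    /* only the reply buffer is checked */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(&out[3], &rec[3], payload);               /* reads past the record */
    memset(&out[3 + payload], 0, HB_PADDING);
    return need;
}

/* Fixed handler: identical except that the declared length is checked
 * against the record length before anything is copied. */
static size_t heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                              unsigned char *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING) return 0;      /* too short: discard */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (1 + 2 + (size_t)payload + HB_PADDING > rec_len) return 0;  /* the fix */
    size_t need = 1 + 2 + (size_t)payload + HB_PADDING;
    if (need > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(&out[3], &rec[3], payload);
    memset(&out[3 + payload], 0, HB_PADDING);
    return need;
}

/* Feed one handler a request with the given declared length; return 1 if
 * the response contains the secret that was never part of the request. */
static int leaks(size_t (*handler)(const unsigned char *, size_t,
                                   unsigned char *, size_t),
                 uint16_t declared_len) {
    unsigned char resp[512];
    size_t rec_len = setup_arena(declared_len);
    size_t n = handler(arena, rec_len, resp, sizeof resp);
    return contains(resp, n, secret);
}

int main(void) {
    /* Declare 64 bytes while sending 2: the vulnerable handler echoes 64. */
    printf("vulnerable handler leaks secret: %d\n", leaks(heartbeat_vuln, 64));
    printf("fixed handler leaks secret:      %d\n", leaks(heartbeat_fixed, 64));
    printf("fixed handler, honest request:   leak=%d\n", leaks(heartbeat_fixed, 2));
    return 0;
}
```

The declared length of 64 is kept small so the model's over-read stays inside the arena; a real request can declare up to 65535 bytes, which is where the 64 KB per request figure comes from.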
Recommendation
Upgrade OpenSSL to 1.0.1g or later (or, until that is possible, rebuild the library with heartbeats disabled via -DOPENSSL_NO_HEARTBEATS), then restart every service that links OpenSSL so the patched code is actually loaded; a running process keeps the old library in memory until it is restarted. The 1.0.0 and 0.9.8 branches never contained the heartbeat code and are not affected. Because private keys may already have been read out of memory, treat them as compromised: generate new key pairs, reissue the affected SSL/TLS certificates and revoke the old ones. Invalidate active sessions, cookies and API tokens, and ask users to change their passwords, but only after the patched version is deployed, since new credentials entered against an unpatched server can be leaked the same way.
References
- Wikipedia: Heartbleed
- OpenSSL project: security advisory for CVE-2014-0160 (TLS heartbeat read overrun)
- CVE-2014-0160
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CAPEC-216: Communication Channel Manipulation
- CAPEC-118: Collect and Analyze Information
- CAPEC-310: Scanning for Vulnerable Software
- OWASP Top 10 2021, A05: Security Misconfiguration
- OWASP Top 10 2021, A06: Vulnerable and Outdated Components