Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance was running as a TLS server or client. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed.

Heartbleed was registered in the Common Vulnerabilities and Exposures database as CVE-2014-0160. Security company Codenomicon gave Heartbleed both a name and a logo, contributing to public awareness of the issue. The federal Canadian Cyber Incident Response Centre issued a security bulletin advising system administrators about the bug. A fixed version of OpenSSL was released on 7 April 2014, on the same day Heartbleed was publicly disclosed. System administrators were frequently slow to patch their systems.
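The missing bounds check described above, as an added example (a simplified model written for this page, not OpenSSL's code). It assumes the RFC 6520 heartbeat layout of a 1-byte type, a 2-byte length, the payload and at least 16 padding bytes; the function names and sample records are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3   /* type (1 byte) + payload_length (2 bytes, big-endian) */
#define HB_PADDING 16 /* RFC 6520: at least 16 padding bytes follow the payload */

/* Constructed samples, 23 bytes each: type 1 (request), length, "ping", zero padding. */
static const uint8_t HB_HONEST[23]    = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_MALFORMED[23] = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'}; /* claims 16384 */

/* Model of the missing check: how many bytes past the end of the received record
 * a parser would read if it trusted payload_length. Nothing is over-read here. */
size_t hb_overread_if_trusted(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t needed = HB_HEADER + claimed;
    return needed > rec_len ? needed - rec_len : 0;
}

/* Hardened form: echo the payload only when header + declared payload + padding
 * fit inside the bytes actually received. Returns the response length, or -1
 * when the message must be discarded without a reply. */
long hb_build_response(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != 1) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t total = HB_HEADER + claimed + HB_PADDING;
    if (total > rec_len || total > out_cap) return -1; /* the bounds check */
    out[0] = 2;                                        /* heartbeat response */
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);  /* zeros here; real padding is random */
    return (long)total;
}

int main(void)
{
    uint8_t out[64];
    printf("honest:    over-read %zu, response %ld\n",
           hb_overread_if_trusted(HB_HONEST, sizeof HB_HONEST),
           hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("malformed: over-read %zu, response %ld\n",
           hb_overread_if_trusted(HB_MALFORMED, sizeof HB_MALFORMED),
           hb_build_response(HB_MALFORMED, sizeof HB_MALFORMED, out, sizeof out));
    return 0;
}
```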