SSL Heartbleed

ssl, network

Overview #

The SSL standard includes a heartbeat option, which allows a computer at one end of an SSL connection to send a short message to verify that the other computer is still online and get a response back. Researchers found that it’s possible to send a cleverly formed, malicious heartbeat message that tricks the computer at the other end into divulging secret information. Specifically, a vulnerable computer can be tricked into transmitting the contents of the server’s memory, known as RAM.

CVE-2014-0160

Versions Affected #

Public Exlploits #

you may need to run exploits multiple times to capture some output from server memory such as scheduled processes

References #