
"Heartbleed" OpenSSL Vulnerability: CVE-2014-0160

RedShield Advisory regarding "Heartbleed" OpenSSL Vulnerability CVE-2014-0160

 

Difficulty of Exploitation: Low
Impact: High
Risk Score: 9/10

 

The Heartbleed vulnerability in OpenSSL allows system memory to be read remotely by attackers. This memory may include SSL certificate private key material, session IDs, passwords, etc.

 

All RedShield customer assets have been tested for this vulnerability, and all affected customers have been notified of this issue. If you have additional assets not scanned by RedShield or would like to manually retest, please use the link below. For questions, contact support@redshield.co.

 

The Heartbleed vulnerability in OpenSSL allows SSL certificate private key material to be compromised remotely by attackers.

 

Consequences

1. SSL connections could be vulnerable to man-in-the-middle attacks.

2. There is a potential loss of confidentiality of the data flowing across SSL connections (for example, usernames and passwords for HTTPS websites, sensitive data flowing over VPNs, encrypted email servers).

 

OpenSSL Vulnerable Versions

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

The vulnerability was introduced to OpenSSL in December 2011.

It has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
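The version list above can be applied to collected `openssl version` output during an inventory sweep. The following is an added example, not part of the original advisory; the host names and sample lines are constructed, and treating 1.0.1 letter releases after "g" as fixed is an assumption beyond the list above.

```python
import re

# Matches the version token in `openssl version` output, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d+)?")

def classify(version_line):
    """Classify one `openssl version` line against the advisory's version list."""
    m = _VERSION.search(version_line)
    if not m or m.group(5):
        return "unknown"            # unparseable, or a beta the advisory does not list
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)             # "" for the plain 1.0.1 release
    if branch == (1, 0, 1):
        # 1.0.1 through 1.0.1f are vulnerable; 1.0.1g is fixed.
        # Assumption: letter releases after "g" also carry the fix.
        return "vulnerable" if letter <= "f" else "not vulnerable"
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    return "unknown"                # branch not covered by the advisory

def triage(inventory):
    """Map host -> status for lines of the form '<host>: <openssl version output>'."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, version_line = line.partition(":")
        results[host.strip()] = classify(version_line)
    return results

# Constructed sample inventory (hypothetical host names; some dates omitted).
SAMPLE = """
web01: OpenSSL 1.0.1e 11 Feb 2013
web02: OpenSSL 1.0.1g 7 Apr 2014
vpn01: OpenSSL 1.0.1 14 Mar 2012
mail01: OpenSSL 0.9.8y
legacy01: OpenSSL 1.0.0l
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

A version string is only a first-pass signal: distribution packages can carry a backported fix without changing the reported version, so confirm flagged hosts against the package changelog or a retest.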

 

Recommended steps on servers running vulnerable versions of OpenSSL

 

  1. Re-issue SSL certificates and install new certs and keys onto patched servers.
  2. Reset any user account passwords on services using SSL to encrypt the communication.
  3. Client-side software that uses a vulnerable version of OpenSSL is also vulnerable to this attack and should be patched as soon as possible.
  4. Browsers must be set to use Certificate Revocation Lists and not accept revoked certificates.

 

 

Recommendations for RedShield Cloud customers

The RedShield Cloud SSL stack is not vulnerable to this issue; however, customers should follow the recommendations above if the origin web server is vulnerable to this attack. Servers should also be locked down at the firewall to only accept traffic from RedShield Cloud, as outlined here:

https://support.redshield.co/entries/49121296-Firewall-Settings-for-RedShield 

 

For Urgent Remediation of Vulnerable Systems: 

RedShield Cloud may be deployed to provide remediation for any systems which cannot be patched or which require additional time to patch. Please contact support@redshield.co.

 

Further information on this vulnerability:

For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 

 

 