A bug has been identified in OpenSSL, all details can be found at heartbleed.com. The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise to upgrade OpenSSL to version 1.0.1g or higher
Test if you are vulnerable
You can test if you are vulnerable by requesting a heartbeat response with a large response. If the server replies your SSL service is probably vulnerable. You can use any of the tests below:
- http://filippo.io/Heartbleed/ : a web based test
- http://s3.jspenguin.org/ssltest.py : a python script to test for the vulnerability from the command line. If you want to scan multiple sites you can use a modified version with easily parseable output.
- If you use Chrome you can install the Chromebleed extension that alerts you when visiting a vulnerable site.
This vulnerability only applies to OpenSSL versions 1.0.1-1.0.1f (inclusive).
Advice
We advise to perform the following steps for every vulnerable SSL service
- Upgrade the OpenSSL version to 1.0.1g or above
- Revocation of the compromised keys and reissuing and redistributing new keys and SSL certificate
Impact
An attacker can retrieve a block of memory of the server up to 64kb. There is no limit on the number of attacks that can be performed. The attacker has no control over the memory region where the block is read from. Sensitive information that can be obtained is:
- SSL private keys
- Basic authorization strings (username / password combinations)
- Source code
This bug affects both sides of the connection. Not only will client certificates not save you from having to update your server certificate, they can be read from the client (along with your username, password etc.) by any server you connect to. DNS poisoning, MitM etc. can be used to direct clients to a malicious server – it seems that this vulnerability can be exploited before the server has to authenticate itself.
According to http://www.openssl.org/news/openssl-1.0.1-notes.html the heartbeat extension was introduced in March 2012 with the release of version 1.0.1 of OpenSSL. This implies the vulnerability has been around for 2 years.
Updates
OpenSSL has provided an updated version (1.0.1g) of OpenSSL at https://www.openssl.org/source/.