- 14th April 2014
- Posted by: Binoy
- Category: Advisory Alerts, Incident Response
The Heartbleed vulnerability is on the loose, leaking critical information, including usernames and passwords, from a large number of servers worldwide. It affects almost 2/3 of the internet, and traces on various servers indicate the exploit has been present since November 2013.
Heartbleed exploits a bug in many versions of the OpenSSL software that allows anyone with access to your server (from the internet or the internal network) to read the server's memory. Affected systems include web servers, SSL VPNs and various network / security devices that use OpenSSL, leaving a large subset of the internet vulnerable to this attack. In addition to usernames and passwords, the SSL certificate's private key and other information in system memory can be compromised.
Vulnerability scanners have already included the Heartbleed patterns, and a scan will reveal whether your servers are vulnerable. ValueMentor clients can touch base with their account manager to get free scans of their infrastructure. Alternatively, you can use http://filippo.io/Heartbleed/ to check the status of your OpenSSL implementation.
Mashable reports on the internet service companies affected by this vulnerability and the need to change your passwords on those services.
How to fix this vulnerability
Contact your vendors to get the fix; almost all vendors have a fix available by now. OpenSSL 1.0.1g is not affected by this vulnerability, so consider upgrading to this version to stay protected. If you cannot upgrade immediately, consider recompiling OpenSSL with -DOPENSSL_NO_HEARTBEATS.
A workaround for those who cannot apply the fix is to update the IPS and web application firewall signatures and configure the rule sets to detect and prevent attacks on this weakness.
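As an added illustration of the memory-read bug described above and of the detection rule such a workaround relies on (this is example code written for this post, not ValueMentor's or OpenSSL's): a small parser that applies, to raw TLS records, the bounds check a patched OpenSSL performs on incoming heartbeat messages, flagging any message whose declared payload length exceeds what the record actually carries. The sample records are constructed, not captured traffic.

```python
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for heartbeat (RFC 6520)
HB_PADDING = 16               # RFC 6520 requires at least 16 bytes of padding

def parse_tls_record(data):
    """Split one raw TLS record into (content_type, version, body)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than its header claims")
    return ctype, (major, minor), body

def check_heartbeat(body):
    """Bounds check a fixed OpenSSL applies before answering a heartbeat.
    Header (1 + 2 bytes) + declared payload + 16 bytes padding must fit in
    the record; a message failing this is the Heartbleed trigger. Returns (ok, reason)."""
    if len(body) < 3:
        return False, "heartbeat body shorter than its 3-byte header"
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    if hb_type not in (1, 2):  # 1 = request, 2 = response
        return False, "unknown heartbeat type %d" % hb_type
    if 1 + 2 + payload_len + HB_PADDING > len(body):
        return False, "declared payload %d bytes, but only %d bytes present" % (
            payload_len, max(0, len(body) - 3 - HB_PADDING))
    return True, "ok"

def classify_record(data):
    """Return 'not-heartbeat', 'benign' or 'suspicious' for one raw TLS record."""
    ctype, _version, body = parse_tls_record(data)
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    ok, _reason = check_heartbeat(body)
    return "benign" if ok else "suspicious"

# Constructed sample records (TLS 1.1, version bytes 03 02), not captured traffic.
# Well-formed request: 4-byte payload "ping" followed by 16 bytes of padding.
GOOD_BODY = b"\x01" + struct.pack("!H", 4) + b"ping" + b"\x00" * HB_PADDING
GOOD_RECORD = b"\x18\x03\x02" + struct.pack("!H", len(GOOD_BODY)) + GOOD_BODY
# Malformed request: same 4-byte payload, but payload_length claims 64 bytes.
BAD_BODY = b"\x01" + struct.pack("!H", 64) + b"ping" + b"\x00" * HB_PADDING
BAD_RECORD = b"\x18\x03\x02" + struct.pack("!H", len(BAD_BODY)) + BAD_BODY
# Application-data record, to show non-heartbeat traffic is passed through.
APP_RECORD = b"\x17\x03\x02" + struct.pack("!H", 5) + b"hello"
```

Feeding each record to classify_record() yields "benign", "suspicious" and "not-heartbeat" respectively; an unpatched server would answer the second with 64 bytes, 60 of them read from beyond the message.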
Exploitation leaves no trace of the attack. Considering this, as a proactive measure one may consider the following:
- Patch your vulnerable systems
- Change your SSL certificates and all administrator passwords after patching
- Potentially, inform your customers about the need to change their usernames & passwords