Heartbleed is a very serious bug in the OpenSSL cryptographic software library. It allowed sensitive information to leak through the SSL/TLS encryption that was used to secure the internet. The SSL/TLS protocol was first introduced to provide better security and privacy for web applications such as VPNs (Virtual Private Networks), e-mail services and many more. An attacker can use this bug to read the memory of any application running a vulnerable version of OpenSSL. The attacker can also use the secret keys that identify the service provider to decrypt network traffic and obtain sensitive information such as user credentials and many more. Using these keys, the attacker can also eavesdrop on the conversation between the clients and the server to extract sensitive information. An attacker can attack an application using an old version of OpenSSL without leaving any traces in the server log.
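The memory read described above comes from a missing bounds check on the payload length claimed in a TLS heartbeat message. The following C code is an added example, not code from this page or from OpenSSL: it places the flawed length handling beside a hardened check. The function names and sample records are constructed for illustration, and the message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) is taken from RFC 6520 rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER_LEN  3u   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16u  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed sample records (not captured traffic). */
static const uint8_t HB_OK[23]  = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_BAD[19] = {0x01, 0x40, 0x00}; /* claims 16384 bytes */

/* Flawed pattern: the echo length comes only from the peer-supplied field. */
size_t hb_echo_len_unchecked(const uint8_t *rec, size_t rec_len)
{
    (void)rec_len; /* the received size is never consulted: the defect */
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Hardened: payload length that is safe to echo, or -1 to discard. */
long hb_echo_len_checked(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1; /* too short to be a heartbeat message at all */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return -1; /* claimed payload does not fit in what arrived */
    return (long)claimed;
}

/* Copy the echo payload into out; returns bytes copied or -1. */
long hb_copy_payload(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    long n = hb_echo_len_checked(rec, rec_len);
    if (n < 0 || (size_t)n > cap)
        return -1;
    memcpy(out, rec + HB_HEADER_LEN, (size_t)n);
    return n;
}

int main(void)
{
    uint8_t out[64];
    printf("ok: echo %ld\n", hb_copy_payload(HB_OK, sizeof HB_OK, out, sizeof out));
    printf("bad record: unchecked would echo %zu, checked returns %ld\n",
           hb_echo_len_unchecked(HB_BAD, sizeof HB_BAD),
           hb_echo_len_checked(HB_BAD, sizeof HB_BAD));
    return 0;
}
```

The checked function discards the 19-byte record that claims a 16384-byte payload, while the unchecked one would hand that length to the copy and read far past the received data.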
The impact of this vulnerability includes:-
Beagle recommends the following for fixing this vulnerability:-