Vulnerability
Description
OpenSSL’s TLS implementation before 1.0.1g fails to handle Heartbeat Extension packets properly, allowing attackers to read sensitive information from process memory using crafted packets.
Recommendation
Upgrade to OpenSSL 1.0.1g or later. Reissue HTTPS certificates and replace compromised asymmetric private keys, shared secret keys with no evidence of compromise in server logs.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
