National Cyber Security Centre - Ministry of Security and Justice

Factsheet Heartbleed: Serious vulnerability in OpenSSL

Last change :
14-04-2014
First publication:
14-04-2014
Version:
1.1
Type:
Factsheet

The Heartbleed vulnerability was published on 7 April 2014. This is a vulnerability in the OpenSSL programming library. Attackers can retrieve secret keys and certificates from vulnerable servers or other devices. It is also possible to retrieve other sensitive information such as passwords and client data.

Attackers can use the secret keys of certificates to retrieve information from encrypted connections that are used for websites, e-mail and VPN, for example.

This serious vulnerability can be removed by upgrading the server or other device to an OpenSSL version that is not vulnerable. Moreover, it is recommended that certificates and the corresponding secret keys be replaced if they have been used on a vulnerable server.

Download

CSAN 2017

CSAN 2017