Factsheet Heartbleed: Serious vulnerability in OpenSSL
The Heartbleed vulnerability was published on 7 April 2014. This is a vulnerability in the OpenSSL programming library. Attackers can retrieve secret keys and certificates from vulnerable servers or other devices. It is also possible to retrieve other sensitive information such as passwords and client data.
Attackers can use the secret keys of certificates to retrieve information from encrypted connections that are used for websites, e-mail and VPN, for example.
This serious vulnerability can be removed by upgrading the server or other device to an OpenSSL version that is not vulnerable. Moreover, it is recommended that certificates and the corresponding secret keys be replaced if they have been used on a vulnerable server.