SSL Heart Bleed
Check your SSL/TLS configuration for Heartbleed vulnerability. We want to make sure that you are using correct openSSL libraries that does not have any weakness.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
6 seconds
Time Interval
1 month 4 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
What is Heartbleed Vulnerability
It is a weakness caused by the vulnerability in OpenSSL's library. When this vulnerability is exploited, unauthorized access to the 64kb instant memory space can be accessed on the Server or Client. In this way, all of the data that is said to be encrypted on the RAM memories of the server can be read.
OpenSSL, which enables data to be sent and received in encrypted form for secure communication, sends a HeartBeat message that reflects the data back to verify that the data was received correctly during communication. The attacker sends 1KB of data to the Server & Client where this weakness exists, but tricks it by telling that Server & Client has 64KB of data to check and mirror the data, that is, "HeartBeat". The system then reflects back 64KB of data to the attacker.
