SSL Heartbleed Vulnerability Checker
Check your SSL/TLS configuration for Heartbleed vulnerability. Ensure your system is using a patched OpenSSL version.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 20 seconds
Time Interval: 1 month 4 days
Scan only one: Domain, IPv4
Toolbox: -
What is Heartbleed Vulnerability?
Heartbleed is a vulnerability caused by a weakness in the OpenSSL library, specifically in its handling of the Heartbeat extension. This extension allows a client or server to send a heartbeat message to the other side, requesting the return of the message's content. If exploited, attackers can read 64KB of memory on the server or client, effectively accessing information that encryption should keep out of view.
When an attacker sends a crafted heartbeat request, they trick the server or client into revealing memory contents. This can lead to the exposure of private keys, session tokens, and other sensitive information. The vulnerability puts at risk data that is supposedly protected by SSL/TLS, potentially exposing it to unauthorized access.
Mitigations include upgrading OpenSSL to a version that patches the Heartbleed vulnerability, setting session lifetimes to minimize exposure, and ensuring that cryptographic keys are properly managed.