
Questions tagged [heartbleed]

Security vulnerability in OpenSSL allowing an attacker to obtain SSL keys, passwords, and other secure data from a server or client

1 vote
1 answer
75 views

HeartBleed and Client certificates

Is it true that a server, set up to require a client certificate, cannot suffer from the Heartbleed vulnerability, if that user does not have a client certificate?
Myforwik
1 vote
3 answers
655 views

Compile Heartbleed.c Tester On CentOS 6.x

I have been looking for days now for a solution to this, basically I am trying to test my network for the heartbleed bug, but I am unable to compile the tester on CentOS 6.x, any ideas or suggestions ...
Jeffrey L. Roberts
-1 votes
1 answer
51 views

How can I secure Windows from heartbleed

I just fixed my openssl version on Debian wheezy and updated my Android device away from version 1.1.1 but the only thing that is missing is my Windows PC. My question now is, how is Windows 7 ...
user3005255
6 votes
2 answers
2k views

Heartbleed "Unexpected message"

I have a task to verify our company's software patch which addresses Heartbleed attack. Now, I am certain that version of software I am trying to exploit uses 1.0.1e OpenSSL library, which should be ...
Jovan Perovic
1 vote
2 answers
20k views

How to get the OpenSSL version in a Tomcat 6 installation

After reading an article about the Heartbleed security bug, I understand that it is good practice to check the OpenSSL version Apache Tomcat is using. The article contains this sentence: What ...
Ziba Leah
-1 votes
2 answers
329 views

If man-in-the-middle attacks are rare, is Heartbleed as serious as suggested? [closed]

I connect to the internet on a secured wireless connection. I'm pretty sure nobody has MITM'd me on my LAN. How else could someone using Heartbleed to steal private keys access my data? I understand ...
Cameron
0 votes
3 answers
136 views

How do I know if a site is vulnerable to the Heartbleed bug?

So, I was thinking I should probably start changing my passwords after hearing all the talk about the Heartbleed bug. However, I then started thinking, what is the point of changing my password at a ...
phaz
6 votes
4 answers
21k views

apt-get upgrade openssl won't bring Ubuntu 12.04 to latest version

I've tried the following, but I can't get a build date later than: Tue, Aug 21 05:18:46 UTC 2012 I have done the following: apt-get dist-upgrade apt-get update apt-get upgrade openssl and apt-get ...
user1182988
0 votes
1 answer
1k views

After the Heartbleed bug, do we need to update our OpenSSL DLL's?

Our software we develop uses the Indy internet component suite in Delphi. Indy has capabilities for OpenSSL. Since the Heartbleed incident, we're wondering if we need to take action. We distribute 2 ...
Jerry Dodge
0 votes
1 answer
470 views

Do I have to install Openssl 1.0.1g in usr/local/lib64 to overwrite usr/lib64 one? (CentOS 6.4, heartbleed issue)

I am using a VPS, I need to upgrade openssl with the new package in consequence of the heartbleed vulnerability issue. But I am a newbie in managing server, I need to know if I am getting this right :...
Tritof
1 vote
2 answers
103 views

Heartbleed threat: Do I need to change password for websites that I rarely logon?

I've a dozen email accounts, probably a hundred websites and forum accounts and I don't want to go about changing all the passwords. Do I need to change the password of websites that I seldom logon - ...
Joshua Lim
0 votes
2 answers
155 views

heartbleed are CA private keys compromised?

Have any CA private keys, such as those used by GoDaddy to issue private/public key pairs, been compromised as a result of Heartbleed?
rory
1 vote
1 answer
58 views

Does Heartbleed pose a risk for past HTTPS communications?

Heartbleed exposes a threat where computer memory for a vulnerable could be exposed. Consider an adversary with access to all cipher text input and output of your server (ISP, government, local ...
William Entriken
4 votes
2 answers
418 views

How do I distinguish between these two certificate situations?

Situation 1 (safe): Website was vulnerable to heartbleed and using a certificate not valid before 2012-10-21 Website upgraded to an unvulnerable version of OpenSSL Website re-keyed and got a their ...
1 vote
3 answers
2k views

How to setup Apache HTTP server with the vulnerable OpenSSL

I want to do some test, so I want to set up an Apache HTTP server with the vulnerable OpenSSL (specifically with the Heartbleed bug), and I'd better do it from source. How do I do that?
ytliu
