Questions tagged [heartbleed]
Security vulnerability in OpenSSL allowing an attacker to obtain SSL keys, passwords, and other secure data from a server or client
24
questions
1
vote
1
answer
75
views
HeartBleed and Client certificates
Is it true that a server, setup to require a client certificate, cannot suffer from the Heartbleed vulnerability, if that user does not have a client certificate?
1
vote
3
answers
655
views
Compile Heartbleed.c Tester On CentOS 6.x
I have been looking for days now for a solution to this, basically I am trying to test my network for the heartbleed bug, but I am unable to compile the tester on CentOS 6.x, any ideas or suggestions ...
-1
votes
1
answer
51
views
How can I secure Windows from heartbleed
I just fixed my openssl version on debianwheezy and updated my android device away from version 1.1.1 but the only thing that is missing is my windows-PC. My question now is, how is windows 7 ...
6
votes
2
answers
2k
views
Heartbleed "Unexpected message"
I have a task to verify our company's software patch which addresses Heartbleed attack.
Now, I am certain that version of software I am trying to exploit uses 1.0.1e OpenSSL library, which should be ...
1
vote
2
answers
20k
views
How to get the OpenSSL version in a Tomcat 6 installation
After reading an article about the Heartbleed security bug, I understand that it is good practice to check the OpenSSL version Apache Tomcat is using.
The article contains this sentence:
What ...
-1
votes
2
answers
329
views
If man-in-the-middle attacks are rare, is Heartbleed as serious as suggested? [closed]
I connect to the internet on a secured wireless connection. I'm pretty sure nobody has MITM'd me on my LAN. How else could someone using Heartbleed to steal private keys access my data? I understand ...
0
votes
3
answers
136
views
How do I know if a site is vulnerable to the Heartbleed bug?
So, I was thinking I should probably start changing my passwords after hearing all the talk about the Heartbleed bug. However, I then started thinking, what is the point of changing my password at a ...
6
votes
4
answers
21k
views
apt-get upgrade openssl won't bring Ubuntu 12.04 to latest version
I've tried the following, but I can't get a build date later than:
Tue, Aug 21 05:18:46 UTC 2012
I have done the following:
apt-get dist-upgrade
apt-get update
apt-get upgrade openssl
and
apt-get ...
0
votes
1
answer
1k
views
After the Heartbleed bug, do we need to update our OpenSSL DLL's?
Our software we develop uses the Indy internet component suite in Delphi. Indy has capabilities for OpenSSL. Since the Heartbleed incident, we're wondering if we need to take action.
We distribute 2 ...
0
votes
1
answer
470
views
Do I have to install Openssl 1.0.1g in usr/local/lib64 to overwrite usr/lib64 one? (CentOS 6.4, heartbleed issue)
I am using a VPS, I need to upgrade openssl with the new package in consequence of the heartbleed vulnerability issue.
But I am a newbie in managing server, I need to know if I am getting this right :...
1
vote
2
answers
103
views
Heartbleed threat: Do I need to change password for websites that I rarely logon?
I've a dozen email accounts, probably a hundred websites and forum accounts and I don't want to go about changing all the passwords.
Do I need to change the password of websites that I seldom logon - ...
0
votes
2
answers
155
views
heartbleed are CA private keys compromised?
have any CA private keys such as those used by godaddy to issue private/public key pairs compromised as a result of heartbleed?
1
vote
1
answer
58
views
Does Heartbleed pose a risk for past HTTPS communications?
Heartbleed exposes a threat where computer memory for a vulnerable could be exposed.
Consider an adversary with access to all cipher text input and output of your server (ISP, government, local ...
4
votes
2
answers
418
views
How do I distinguish between these two certificate situations?
Situation 1 (safe):
Website was vulnerable to heartbleed and using a certificate not valid before 2012-10-21
Website upgraded to an unvulnerable version of OpenSSL
Website re-keyed and got a their ...
1
vote
3
answers
2k
views
How to setup Apache HTTP server with the vulnerable OpenSSL
I want to do some test, so I want to set up an Apache HTTP server with the vulnerable OpenSSL (specifically with the Heartbleed bug), and I'd better do it from source.
How do I do that?