Security Advisory regarding the OpenSSL Vulnerability [CVE-2014-0160]
Josh Frazier -
The OpenSSL library version 1.0.1 (versions 1.0.1 to 1.0.1f) contains a security flaw that allows an attacker to trick the server into returning 64kB of memory from the server process. This can be done without having to log in or authenticate first. The cause is a feature called “heartbeat” (RFC 6520), which was added in OpenSSL version 1.0.1. When the feature was added, a flaw allowed the client to request that the server return 64kB of data. Depending on what this data contains, the attacker may gain access to user credentials or certificates.
For more information, please refer to these articles:
To find out more and how to protect your devices, visit: