StackHawk Documentation (HawkDocs)


Heartbleed OpenSSL Vulnerability

Reference
Plugin ID: 20015 | CWE: 119 | WASC: 20 | High | Active | Information Gathering

Remediation

  1. Update OpenSSL immediately: Upgrade to OpenSSL 1.0.1g or a later release, which fixes the Heartbleed vulnerability.
  2. Reissue certificates: Once the patched OpenSSL is running, generate and deploy new SSL/TLS certificates, as the existing ones may be compromised.
  3. Change private keys: Replace all asymmetric private keys and shared secret keys that may have been exposed.
  4. Monitor for exploitation: Review server logs for signs of Heartbleed exploitation attempts.
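As an added check for step 1 (this is example code, not StackHawk's or OpenSSL's own), a POSIX shell helper that classifies an `openssl version` banner as an affected upstream release, OpenSSL 1.0.1 through 1.0.1f inclusive; the function names and the sample banners are constructed for the example. Distributions often backport the fix without changing the upstream version string, so a "affected" verdict means "confirm against the package changelog", not proof of exposure.

```shell
#!/bin/sh
# Hypothetical helper: decide whether an `openssl version` banner names an
# upstream release affected by Heartbleed (1.0.1 .. 1.0.1f). Releases before
# 1.0.1 did not ship the heartbeat extension; 1.0.1g and later are fixed.
# Returns 0 (true) when affected, 1 otherwise.
heartbleed_affected_version() {
    set -- $1                       # split banner: $1=OpenSSL  $2=version token
    case "${2:-}" in
        1.0.1|1.0.1-*)         return 0 ;;   # initial 1.0.1 release (and -fips builds)
        1.0.1[a-f]|1.0.1[a-f]-*) return 0 ;; # 1.0.1a .. 1.0.1f, e.g. 1.0.1e-fips
        *)                     return 1 ;;   # 1.0.1g+, 1.0.0x, 0.9.8x, 1.1.x, 3.x, empty
    esac
}

# Human-readable verdict for one banner; prints and returns the same result.
report_banner() {
    if heartbleed_affected_version "$1"; then
        printf 'AFFECTED  %s  -> upgrade to 1.0.1g or later, then reissue keys/certs\n' "$1"
        return 0
    fi
    printf 'ok        %s\n' "$1"
    return 1
}

# Check the OpenSSL binary on this host (empty banner if openssl is missing).
check_local_openssl() {
    report_banner "$(openssl version 2>/dev/null)"
}

# Constructed sample banners, as `openssl version` would print them.
for banner in "OpenSSL 1.0.1e 11 Feb 2013" "OpenSSL 1.0.1g 7 Apr 2014" \
              "OpenSSL 1.0.0l 6 Jan 2014"; do
    report_banner "$banner" || true
done
```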

About

The Heartbleed vulnerability (CVE-2014-0160) is a critical security flaw in OpenSSL's implementation of the TLS heartbeat extension. It allows attackers to read arbitrary memory from the server, potentially exposing private keys, passwords, and other sensitive data without leaving traces in server logs.

Risks

Critical: Heartbleed can expose private SSL keys, user passwords, sensitive data, and server memory contents, allowing attackers to decrypt traffic, impersonate services, and steal credentials with no evidence of compromise.
