When two hosts share sensitive data, the communication between them must be encrypted, and SSL/TLS is used for that purpose. OpenSSL is one of the most common implementations of SSL/TLS. Heartbleed is a security vulnerability in OpenSSL that enables attackers to steal sensitive data such as login credentials, personal data, or even decryption keys that are communicated over SSL/TLS.
What is the Heartbleed vulnerability?
When two hosts communicate over TLS, the session must be kept alive for a certain amount of time, even if no real communication happens in that time. This saves users from re-entering their login credentials again and again if the session terminates in the middle.
Heartbeat is an extension of the TLS protocol that is used for this purpose. Using this extension, the TLS session between two hosts is verified. In Heartbleed, attackers exploit the security vulnerability in OpenSSL's implementation of the Heartbeat extension to steal sensitive data transferred over TLS.
How do attackers exploit the Heartbleed vulnerability?
As discussed above, the Heartbeat extension verifies that both hosts communicating over TLS are still connected and available for communication. For that purpose, an OpenSSL client sends a Heartbeat message to the OpenSSL server. The OpenSSL server then sends the same message back to the client, that is, to the sender.
This Heartbeat message mainly contains two components: information on the payload size and the actual payload. The payload can be up to 64 KB in size.
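The following C code is an added example, not taken from the original article or from OpenSSL's source. It parses the Heartbeat request layout defined in RFC 6520 (1-byte type, 2-byte payload size, payload, at least 16 bytes of padding) and shows the check a receiver needs before sending the payload back: the declared payload size must fit inside the bytes that actually arrived. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST     1   /* heartbeat_request message type (RFC 6520) */
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload size */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

/* Validate a received Heartbeat request held in rec[0 .. rec_len).
 * Returns 0 and sets *payload / *payload_len to the bytes that may be
 * echoed back, or -1 if the message must be silently discarded. */
int hb_parse_request(const uint8_t *rec, size_t rec_len,
                     const uint8_t **payload, size_t *payload_len)
{
    /* Too short for an empty payload plus the minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;
    /* Size field is 16-bit big-endian, hence the 64 KB ceiling. */
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The declared size must fit inside the bytes that actually arrived. */
    if (declared > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return -1;
    *payload = rec + HB_HEADER_LEN;
    *payload_len = declared;
    return 0;
}

/* Hypothetical helper for the demo: accepted payload size, or -1. */
long hb_accepted_len(const uint8_t *rec, size_t rec_len)
{
    const uint8_t *p;
    size_t n;
    return hb_parse_request(rec, rec_len, &p, &n) == 0 ? (long)n : -1;
}

/* Constructed samples, 23 bytes each: header, "ping", 16 zero padding bytes. */
static const uint8_t HB_OK[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
/* Same bytes on the wire, but the size field claims 0x4000 (16384). */
static const uint8_t HB_BAD[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};

int main(void)
{
    printf("consistent size field: %ld\n", hb_accepted_len(HB_OK, sizeof HB_OK));
    printf("oversized size field:  %ld\n", hb_accepted_len(HB_BAD, sizeof HB_BAD));
    return 0;
}
```

A receiver that copies the declared number of bytes without this comparison reads past the end of the received message, so the rejection path is the part to test when auditing a Heartbeat handler.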