About us
Attingo Datenrettung
Crowes Agency OG
- RSS English -
- RSS Deutsch -

TLS Heartbeat Bug in OpenSSL

Security researchers have identified a critical bug in certain OpenSSL versions. The bug is called Heartbleed (CVE-2014-0160 is the official reference to this bug) because it is located in OpenSSL's code section for the TLS Heartbeat option used for encrypted data transmissions. The error in the code enables attackers to gather information from your server's memory remotely. Attacks can gain access to sensitive information such as cryptographic keys, certificates, passwords, and other material stored in memory.

The recommended course of action is to upgrade your OpenSSL library immediately, restart all services using OpenSSL, and to issue new cryptographic keys and certificates for every system that has been using the vulnerable version of the library. You should examine the configuration of your services in any case. There are guides available for various services. Most SSL/TLS-enabled hit the bug unless you have taken additional measures (such as using TLS Authentication in the case of OpenVPN).

If you are in doubt, please contact an expert and review your deployed services and your infrastructure. We can offer assistance, please do not hesitate to contact us.