Heartbleed
loresecuritycryptography
The 2014 OpenSSL flaw that let attackers read chunks of a server's memory, including keys and passwords.
A missing bounds check in the TLS heartbeat extension let a client ask for more data than it sent and receive whatever happened to be adjacent in memory. It was one of the first bugs with a logo and a name, and it forced a global scramble to patch servers and rotate secrets.
Also known as: Heartbleed, CVE-2014-0160, OpenSSL heartbeat bug
Sources
- CVE-2014-0160 (2014)