Heartbleed

lore

securitycryptography

The 2014 OpenSSL flaw that let attackers read chunks of a server's memory, including keys and passwords.

A missing bounds check in the TLS heartbeat extension let a client ask for more data than it sent and receive whatever happened to be adjacent in memory. It was one of the first bugs with a logo and a name, and it forced a global scramble to patch servers and rotate secrets.

Also known as: Heartbleed, CVE-2014-0160, OpenSSL heartbeat bug

Sources

  • CVE-2014-0160 (2014)

All glossary entries