Ver
· TLS - Transport Layer Security
Heartbleed
(español: hemorragia de corazón) es un agujero de seguridad (bug) de software
en la biblioteca de código abierto OpenSSL, solo vulnerable en su versión
1.0.1f, que permite a un atacante leer la memoria de un servidor o un cliente,
permitiéndole por ejemplo, conseguir las claves privadas SSL de un servidor.
http://es.wikipedia.org/wiki/Heartbleed
Heartbleed is a
security bug in the OpenSSL cryptography library that gained widespread
attention in April 2014. OpenSSL is a widely used implementation of the
Transport Layer Security (TLS) protocol. Heartbleed may be exploited whether
the party using a vulnerable OpenSSL instance for TLS is a server or a client.
Heartbleed results from improper input validation (due to a missing bounds
check) in the implementation of the TLS heartbeat extension, the heartbeat
being the basis for the bug's name. The vulnerability is classified as a buffer
over-read, a situation where software allows more data to be read than should
be allowed.
http://en.wikipedia.org/wiki/Heartbleed
Temas relacionados