Abstract–A OpenSSL versions 1.0.1 through 1.0.1f—introduced beginning in March 2012—had a serious memory handling flaw in their implementation of the TLS Heartbeat Extension.
This extension helps maintain user Internet connections without the need for continuous data
transfers. Attackers could exploit the bug to access an application’s memory, including sensitive data and private encryption keys. The latter could let them launch man-in-the middle attacks and decode intercepted communications. This has been introduced as the worst vulnerability in the modern internet. Existence of this vulnerability for two years without being discovered illustrates that a lot of important open source Internet software is not funded, developed, or reviewed carefully enough and the testing tools are not advanced enough to detect it.
Article Details
Unique Paper ID: 102323
Publication Volume & Issue: Volume 1, Issue 12
Page(s): 1536 - 1541
Article Preview & Download
Share This Article
Join our RMS
Conference Alert
NCSEM 2024
National Conference on Sustainable Engineering and Management - 2024