OpenSSL
=== {{anchor|Heartbleed bug}}Heartbleed ===
{{Main|Heartbleed}}
[[File:Heartbleed.svg|thumb|A logo representing the Heartbleed bug]]
OpenSSL versions 1.0.1 through 1.0.1f have a severe memory handling [[software bug|bug]] in their implementation of the [[Transport Layer Security|TLS]] Heartbeat Extension that could be used to reveal up to 64 [[Kibibyte|KB]] of the application's memory with every [[heartbeat (computing)|heartbeat]]<ref>{{cite web|title=OpenSSL Security Advisory [07 Apr 2014]|url=https://www.openssl.org/news/secadv_20140407.txt|author=OpenSSL.org|access-date=9 April 2014|date=7 April 2014|df=mdy-all|archive-date=April 8, 2014|archive-url=https://web.archive.org/web/20140408195036/https://www.openssl.org/news/secadv_20140407.txt|url-status=dead}}</ref><ref>{{Cite web| last = OpenSSL| title = TLS heartbeat read overrun (CVE-2014-0160)| access-date = 2014-04-08| date = 2014-04-07| url = https://www.openssl.org/news/secadv_20140407.txt| df = mdy-all| archive-date = April 8, 2014| archive-url = https://web.archive.org/web/20140408195036/https://www.openssl.org/news/secadv_20140407.txt| url-status = dead}}</ref> ({{CVE|2014-0160}}). By reading the memory of the web server, attackers could access sensitive data, including the server's [[public-key cryptography|private key]].<ref name="hb">{{Cite web| last = Codenomicon Ltd| title = Heartbleed Bug| access-date = 2014-04-08| date = 2014-04-08| url = http://heartbleed.com/| df = mdy-all| archive-date = April 7, 2014| archive-url = https://web.archive.org/web/20140407203519/http://heartbleed.com/| url-status = live}}</ref> This could allow attackers to decode earlier [[eavesdropping|eavesdropped]] communications if the encryption protocol used does not ensure [[perfect forward secrecy]]. Knowledge of the private key could also allow an attacker to mount a [[man-in-the-middle attack]] against any future communications.{{citation needed|date=April 2019}} The vulnerability might also reveal unencrypted parts of other users' sensitive requests and responses, including [[session cookie]]s and passwords, which might allow attackers to [[Session hijacking|hijack the identity]] of another user of the service.<ref name="ipsec">{{cite web |url=http://ipsec.pl/ssl-tls/2014/why-heartbleed-dangerous-exploiting-cve-2014-0160.html |title=Why Heartbleed is dangerous? Exploiting CVE-2014-0160 |year=2014 |publisher=IPSec.pl |access-date=April 8, 2014 |archive-date=April 8, 2014 |archive-url=https://web.archive.org/web/20140408224556/http://ipsec.pl/ssl-tls/2014/why-heartbleed-dangerous-exploiting-cve-2014-0160.html |url-status=dead}}</ref> At its disclosure on April 7, 2014, around 17% or half a million of the Internet's secure [[web servers]] certified by [[Certificate authority|trusted authorities]] were believed to have been vulnerable to the attack.<ref>{{cite web|last=Mutton|first=Paul|title=Half a million widely trusted websites vulnerable to Heartbleed bug|url=http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html|publisher=Netcraft Ltd.|access-date=8 April 2014|date=8 April 2014|df=mdy-all|archive-date=November 19, 2014|archive-url=https://web.archive.org/web/20141119102520/http://news.netcraft.com/archives/2014/04/08/half-a-million-widely-trusted-websites-vulnerable-to-heartbleed-bug.html|url-status=live}}</ref> However, Heartbleed can affect both the server and client.
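As an added illustration (not code from OpenSSL or from this article), a minimal heartbeat-record validator in C shows the bounds check whose absence caused the bug: the 16-bit declared payload length (hence "up to 64 KB") was trusted and copied without comparing it to the number of bytes actually received. The record layout follows the TLS Heartbeat Extension (type, 2-byte length, payload, at least 16 bytes of padding); function names and the sample payloads are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_PADDING 16                 /* minimum padding after the payload */
enum hb_status { HB_OK = 0, HB_TOO_SHORT = -1, HB_LENGTH_MISMATCH = -2 };

/* Validate a received heartbeat record of rec_len bytes and, only if it is
 * well formed, copy its payload into out. Returns the payload length or a
 * negative hb_status. The "declared length fits in the record" comparison
 * is the check missing from 1.0.1 through 1.0.1f; without it the echoed
 * response carried whatever bytes followed the record in process memory. */
int hb_validate_and_copy(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING)             /* header + padding */
        return HB_TOO_SHORT;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) /* the fix */
        return HB_LENGTH_MISMATCH;
    if (payload > out_cap)                        /* caller's buffer */
        return HB_LENGTH_MISMATCH;
    memcpy(out, rec + 3, payload);
    return (int)payload;
}

/* Build a test record (constructed input): declared_len may deliberately
 * disagree with actual_len so the validator's rejection path can be shown. */
size_t hb_build(uint8_t *buf, size_t cap, uint16_t declared_len,
                const uint8_t *payload, size_t actual_len)
{
    if (cap < 1 + 2 + actual_len + HB_PADDING) return 0;
    buf[0] = 1;                                   /* heartbeat_request */
    buf[1] = (uint8_t)(declared_len >> 8);
    buf[2] = (uint8_t)(declared_len & 0xff);
    memcpy(buf + 3, payload, actual_len);
    memset(buf + 3 + actual_len, 0, HB_PADDING);
    return 1 + 2 + actual_len + HB_PADDING;
}

/* Build then validate in one call; returns what hb_validate_and_copy does. */
int hb_roundtrip(uint16_t declared_len, const char *payload, size_t actual_len)
{
    uint8_t rec[256], out[256];
    size_t n = hb_build(rec, sizeof rec, declared_len,
                        (const uint8_t *)payload, actual_len);
    return n ? hb_validate_and_copy(rec, n, out, sizeof out) : HB_TOO_SHORT;
}
```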