Heartbleed Bug

  • Post published: April 15, 2014

Security vulnerabilities have serious ramifications for users across the web, and the well-known Heartbleed vulnerability in the OpenSSL library is one of them. A critical vulnerability nicknamed “Heartbleed” was discovered in OpenSSL, the most popular SSL module used on Linux/cPanel servers. Exploiting it allows a third party to steal information that would otherwise be secured and encrypted with the SSL/TLS protocol, and to steal the private keys from the certificate pair itself.

OpenSSL is a cryptographic library that helps secure sensitive information all over the internet.

Although recently discovered, the Heartbleed vulnerability is actually a coding bug in the OpenSSL library (versions 1.0.1 through 1.0.1f) that can leak sensitive information to unauthorized users. This information includes almost everything communicated over SSL connections, such as login credentials, banking transactions, credit/debit card information, instant messaging, VPNs, emails, etc.
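As an added example (not part of the original post), the following triage script checks collected `openssl version` banners against the affected range stated above, 1.0.1 through 1.0.1f. The hostnames and the inventory are constructed for illustration, and the function names are hypothetical.

```python
import re

# Affected upstream range as stated on this page: OpenSSL 1.0.1 through 1.0.1f.
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def in_heartbleed_range(banner):
    """Classify `openssl version` output: True (1.0.1 .. 1.0.1f), False, or None if unparseable."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()
    if (major, minor, patch) != (1, 0, 1):
        return False
    # "" is the initial 1.0.1 release; single letters a..f follow it.
    return letter == "" or (len(letter) == 1 and letter <= "f")


def triage(inventory):
    """Map each host to 'review', 'outside-range' or 'unknown'.

    'review' is not a verdict: distribution packages can carry a backported fix
    while still reporting an in-range upstream version, so confirm against the
    vendor's package changelog before and after patching.
    """
    labels = {True: "review", False: "outside-range", None: "unknown"}
    return {host: labels[in_heartbleed_range(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts; banners in `openssl version` format).
SAMPLE_INVENTORY = {
    "web01.example.test": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web02.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "db01.example.test": "OpenSSL 1.0.1 14 Mar 2012",
    "legacy.example.test": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Hosts marked `unknown` returned output that could not be parsed and need a manual check.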

If the bug is exploited, the attacker can trick the server into exposing its private encryption key. This private key can then be used to impersonate services and gain access to further sensitive data, since the user would assume they are connected to the right server via SSL.

Our NOC team learnt about the security vulnerability as soon as it was announced. We immediately patched all servers of all our clients. We also intimated everyone across our resources and client base to take the proper steps to contain the situation.