OpenSSL Vulnerability

Posted April 09, 2014
Security Advisories

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw that allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library.

The bug commonly known as Heartbleed, allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

This potentially compromises the secret keys used to secure internet communication, the names and passwords of the users and the actual content.

Exploit code for this vulnerability is publicly available.

Refer to: US-Cert OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)(external link)

Latest headlines

Cyber security agencies call out PRC-linked ‘botnet’ and provide mitigation advice

Quarter Two Cyber Security Insights 2024

Cyber security guidance for high-profile individuals

Update on the integration of CERT NZ and the NCSC