OpenSSL Vulnerability

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw that allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library. 

The bug, commonly known as Heartbleed, allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software.

This potentially compromises the secret keys used to secure Internet communication, the names and passwords of users, and the actual content.

Exploit code for this vulnerability is publicly available.

 

Refer to: US-CERT OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
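A first-pass inventory check for the version range stated above (1.0.1 through 1.0.1f), as an added example that is not part of the original advisory. The host names and banner strings are constructed samples, and `classify` and `triage` are hypothetical helper names. A vendor package can carry a fix without changing the reported version, so an in-range result means "verify this host", not "confirmed vulnerable".

```python
import re

# Range stated in the advisory: 1.0.1 through 1.0.1f, inclusive.
AFFECTED_BASE = (1, 0, 1)
AFFECTED_LETTERS = ("", "a", "b", "c", "d", "e", "f")

# Version token as it appears in `openssl version` output ("OpenSSL 1.0.1e ...")
# or in a server banner ("OpenSSL/1.0.1e"), with optional build tags ("-fips").
_VERSION_RE = re.compile(
    r"(?i:\bOpenSSL)[ /](\d+)\.(\d+)\.(\d+)([a-z]{0,2})((?:-[A-Za-z0-9]+)*)"
)

def classify(banner):
    """Return 'in-range', 'outside-range', 'review' or 'unparsed' for one banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        return "unparsed"          # not an OpenSSL version string we recognise
    base = tuple(int(x) for x in m.group(1, 2, 3))
    letter, tags = m.group(4), m.group(5).lower()
    if base != AFFECTED_BASE:
        return "outside-range"
    if tags and tags != "-fips":
        return "review"            # e.g. pre-release builds: the advisory does not cover them
    return "in-range" if letter in AFFECTED_LETTERS else "outside-range"

def triage(inventory):
    """Return the sorted host names whose banner falls in the advisory's range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "in-range")

# Constructed sample inventory: host -> collected version banner.
SAMPLE = {
    "web01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web02": "OpenSSL 0.9.8y 5 Feb 2013",
    "mail01": "OpenSSL 1.0.1 14 Mar 2012",
    "vpn01": "OpenSSL 1.0.1g 7 Apr 2014",
    "proxy01": "Apache/2.2.22 (Unix) OpenSSL/1.0.1f",
    "build01": "OpenSSL 1.0.1-beta3 23 Feb 2012",
    "legacy01": "LibreSSL 2.0.0",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE.items()):
        print(f"{host:10} {classify(banner):14} {banner}")
    print("verify first:", ", ".join(triage(SAMPLE)))
```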