Heartbleeder: automatic detection of the OpenSSL Heartbleed vulnerability (with repair guide)

Source: Internet
Author: User

Heartbleeder can detect whether your server is affected by the OpenSSL CVE-2014-0160 vulnerability (Heartbleed).

What is Heartbleed?

CVE-2014-0160, known as Heartbleed, is a very serious OpenSSL vulnerability. It allows an attacker to read 64 KB of memory from a vulnerable server. That memory may contain highly sensitive data, including user requests, passwords, and even the private key of the server certificate.

It is reported that an attacker tried the vulnerability against a certain large website and, after about 200 reads, obtained more than 40 usernames and 7 passwords.

How do I use Heartbleeder to detect Heartbleed?

Installation

Precompiled binaries can be downloaded as a zip archive from Gobuild.io, for Windows, Linux and Mac OS X.

Because Linux is the most common server operating system, here are the commands to download the Linux binary archive:

Linux (AMD64)

wget http://gobuild.io/github.com/titanous/heartbleeder/master/linux/amd64 -O output.zip

Linux (i386)

wget http://gobuild.io/github.com/titanous/heartbleeder/master/linux/386 -O output.zip

After downloading, unzip it.

You can also build it yourself (requires Go 1.2 or later) with the following command:

go get github.com/titanous/heartbleeder

The binary is placed at $GOPATH/bin/heartbleeder.

Usage

$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable

Postgres also uses OpenSSL, on port 5432 by default; to check a Postgres server, use the -pg flag:

$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled

How to detect Heartbleed manually

If installing Heartbleeder is inconvenient, or you do not trust the result of the automatic check, you can also check manually.

First determine whether the OpenSSL version on the server is a vulnerable one. The vulnerable versions are 1.0.1 through 1.0.1f (1.0.1f included) and 1.0.2-beta. You can view the version installed on the server with:

openssl version

Then check whether the heartbeat extension is enabled:

openssl s_client -connect your-website:443 -tlsextdebug 2>&1 | grep 'TLS server extension "heartbeat" (id=15), len=1'

If both conditions above are met, your server is unfortunately affected by this vulnerability and must be patched as soon as possible.
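The two manual checks above, as an added example (not code from the original article or from the Heartbleeder project): the version test encodes the article's vulnerable range, the extension test looks for the same -tlsextdebug line the article greps for, and a verdict is only "vulnerable" when both hold. Function names are mine, the two s_client transcripts are constructed rather than captured from a real host, and the live check assumes the openssl CLI is installed on the server being examined.

```shell
#!/bin/sh
# Added example, not from the original article: the two manual checks as
# shell functions.  Vulnerable range per the article: 1.0.1 through 1.0.1f
# inclusive, plus 1.0.2-beta builds.  The sample s_client transcripts below
# are constructed, not captured from a real host.

# openssl_version_vulnerable VERSION
# Status 0 if VERSION names a vulnerable OpenSSL build.  Accepts either the
# full `openssl version` line ("OpenSSL 1.0.1e 11 Feb 2013") or a bare "1.0.1e".
openssl_version_vulnerable() {
    case "$1" in
        "OpenSSL "*) set -- $1; ver=$2 ;;   # second word of the full line
        *)           ver=${1%% *} ;;        # first word of a bare string
    esac
    case "$ver" in
        1.0.1|1.0.1[a-f]) return 0 ;;      # 1.0.1 .. 1.0.1f (f included)
        1.0.2-beta*)      return 0 ;;      # any 1.0.2 beta
        *)                return 1 ;;      # 1.0.1g and later, 1.0.0, 0.9.8: not affected
    esac
}

# heartbeat_extension_enabled S_CLIENT_OUTPUT
# Status 0 if the captured `openssl s_client -tlsextdebug` output shows the
# server advertising the heartbeat extension (the line the article greps for).
heartbeat_extension_enabled() {
    printf '%s\n' "$1" | grep -q 'TLS server extension "heartbeat" (id=15), len=1'
}

# assess_heartbleed VERSION S_CLIENT_OUTPUT
# Status 0 (and prints VULNERABLE) only when both conditions hold, exactly as
# the article's manual procedure requires.
assess_heartbleed() {
    if openssl_version_vulnerable "$1" && heartbeat_extension_enabled "$2"; then
        echo "VULNERABLE: affected OpenSSL build and heartbeat extension enabled"
        return 0
    fi
    echo "not vulnerable by these two checks"
    return 1
}

# check_this_server HOST [PORT]
# Live version of the procedure.  Run it ON the server, so that `openssl version`
# reports the server's own library.  Needs network access to HOST:PORT, so it
# is only invoked when a host is passed on the command line.
check_this_server() {
    host=$1; port=${2:-443}
    out=$(openssl s_client -connect "$host:$port" -tlsextdebug </dev/null 2>&1)
    assess_heartbleed "$(openssl version)" "$out"
}

# Constructed sample transcripts (abridged): one host advertising heartbeat,
# one not.
SAMPLE_HEARTBEAT='CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "heartbeat" (id=15), len=1
depth=0 CN = example.com'
SAMPLE_NO_HEARTBEAT='CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
depth=0 CN = example.com'

# Offline demonstration on the constructed data; pass a host to test for real.
assess_heartbleed "OpenSSL 1.0.1e 11 Feb 2013" "$SAMPLE_HEARTBEAT"
if [ $# -ge 1 ]; then check_this_server "$@"; fi
```

Keeping the version and extension tests as separate functions matters: a server on 1.0.1g with heartbeat still enabled is not vulnerable, and a server on 1.0.1e with the extension compiled out is not exploitable either, so neither check alone gives a verdict.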

How to fix

    1. Take the affected server offline so it stops leaking sensitive information.
    2. Stop the services using the old OpenSSL, upgrade OpenSSL to a fixed version, and reboot.
    3. Generate a new private key (an attacker could have obtained the old one through the vulnerability). Submit a certificate signing request for the new key to your CA, and once the new certificate is issued, install the new key and certificate on the server.
    4. Bring the server back online.
    5. Revoke the old certificate.
    6. Invalidate all existing session cookies.
    7. Require users to change their passwords.
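Step 3 of the repair list, as an added example that is not part of the original article: generate a fresh private key and the CSR to hand to the CA, keep the key file readable only by its owner, and verify both that the CSR really belongs to the new key and that the new key differs from the exposed one. It assumes the openssl CLI is installed; the function names and the domain old.example are my own placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: re-keying after Heartbleed.
# The old key must be treated as stolen, so a NEW key is generated and a CSR
# for it is produced; the checks at the end guard against submitting a CSR
# that does not match the key, or re-issuing for the same exposed key.
# Assumes the openssl CLI.  "old.example" is a constructed placeholder.

# new_key_and_csr DOMAIN OUTDIR
# Writes OUTDIR/DOMAIN.key (owner-only via umask 077) and OUTDIR/DOMAIN.csr.
new_key_and_csr() {
    domain=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    # Subshell so the restrictive umask does not leak into the caller's shell.
    ( umask 077 && openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$outdir/$domain.key" -out "$outdir/$domain.csr" \
          -subj "/CN=$domain" >/dev/null 2>&1 )
}

# public_key_of_key FILE: prints the public key (SPKI PEM) of a private key.
public_key_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# public_key_of_csr FILE: prints the public key (SPKI PEM) embedded in a CSR.
public_key_of_csr() { openssl req -in "$1" -pubkey -noout 2>/dev/null; }

# key_matches_csr KEY CSR
# Status 0 if the CSR was built from KEY, i.e. the request you are about to
# submit corresponds to the key you will install.
key_matches_csr() {
    k=$(public_key_of_key "$1") && c=$(public_key_of_csr "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# keys_differ OLD_KEY NEW_KEY
# Status 0 if the two private keys have different public keys.  Guards against
# accidentally requesting a new certificate for the exposed key.
keys_differ() {
    a=$(public_key_of_key "$1") && b=$(public_key_of_key "$2") || return 1
    [ -n "$a" ] && [ "$a" != "$b" ]
}

# Usage: sh rekey.sh DOMAIN [OUTDIR] [OLD_KEY]
if [ $# -ge 1 ]; then
    dir=${2:-./rekey}
    new_key_and_csr "$1" "$dir" || { echo "key/CSR generation failed"; exit 1; }
    key_matches_csr "$dir/$1.key" "$dir/$1.csr" || { echo "CSR does not match key"; exit 1; }
    if [ -n "$3" ]; then
        keys_differ "$3" "$dir/$1.key" || { echo "new key is identical to the old key"; exit 1; }
    fi
    echo "submit $dir/$1.csr to the CA; install $dir/$1.key with the issued certificate"
fi
```

Only the CSR leaves the machine; the private key is never sent to the CA. Revoking the old certificate (step 5) is still required, because clients that do not check revocation will otherwise keep trusting a certificate whose key may be in an attacker's hands until it expires.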

Compiled from SegmentFault
