Heartbleed - An OpenSSL Heartbeat Vulnerability

Heartbleed was a major buffer-over-read vulnerability in the OpenSSL implementation of the Heartbeat extension in TLS that went unnoticed for several years.

Heartbleed is the name given to the vulnerability found in the OpenSSL implementation of the heartbeat protocol. The name was coined by Codenomicon after their apparent discovery of the bug in 2014 and their registration of the domain heartbleed.com to publicly disclose the bug. We later learned that Neel Mehta from Google had discovered the bug less than a month earlier, patched their systems, and privately disclosed the bug to the OpenSSL team.

The vulnerability

Heartbleed is a buffer-over-read vulnerability allowing an attacker to read sensitive memory from a web server running OpenSSL using malformed heartbeat request messages. In addition, a server can extract the same type of information from a vulnerable client.
The attack is performed by sending a heartbeat request where the indicated payload_length is much higher than the length of the actual payload, resulting in the responder reading payload_length bytes from the payload buffer pointer. Since the payload_length is higher than the length of the buffer, random memory found behind the payload is included in the response. Since the payload_length field is two bytes, the responder can respond with up to $2^{8 \cdot 2}$ bytes = 64 KB of memory.
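
The length check that prevents this over-read, as an added example that is not OpenSSL's code or part of the original page: `hb_overread` computes how far a handler trusting payload_length would read past the received record, and `hb_respond` discards such requests as RFC 6520 requires. The function names, the constructed sample records and the zeroed padding are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_MIN_PAD = 16 };

/* Bytes a handler that trusts payload_length would read past the end of the
 * received record (0 when the claimed payload fits inside it). */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];  /* 2-byte big-endian field */
    size_t present = rec_len - HB_HDR;
    return claimed > present ? claimed - present : 0;
}

/* Bounds-checked responder. Returns the response length, or 0 when the
 * request is silently discarded, as RFC 6520 requires for bad lengths. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t need = HB_HDR + claimed + HB_MIN_PAD;
    if (need > rec_len) return 0;  /* claimed payload is not in the record */
    if (need > cap) return 0;      /* caller's output buffer is too small */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);    /* echo the payload */
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD);  /* real padding is random */
    return need;
}

/* Constructed sample records: type | payload_length | payload | 16 padding bytes. */
static const uint8_t HB_OK[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_BAD[20] = { HB_REQUEST, 0xFF, 0xFF, 'x' };

int main(void)
{
    uint8_t out[64];
    printf("ok:  respond=%zu overread=%zu\n",
           hb_respond(HB_OK, sizeof HB_OK, out, sizeof out),
           hb_overread(HB_OK, sizeof HB_OK));
    printf("bad: respond=%zu overread=%zu\n",
           hb_respond(HB_BAD, sizeof HB_BAD, out, sizeof out),
           hb_overread(HB_BAD, sizeof HB_BAD));
    return 0;
}
```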

This memory could include parts of private keys, passwords and other sensitive data handled by OpenSSL. By sending multiple heartbeat requests, an adversary could, for example, reconstruct full private keys. A compromised key opens up the possibility of man-in-the-middle attacks. An even worse scenario is a compromised key that belongs to an intermediate CA, allowing an adversary to sign their own certificates. We can assume that keys have been compromised, so old keys should be revoked.

Code analysis