[Users] [Half-OT] Re: Thanks for the per-session password!

Albert ARIBAUD albert.aribaud at free.fr
Tue Apr 22 18:26:08 CEST 2014

On 22/04/2014 18:11, Kevin Chadwick wrote:

> There was also a lot of rubbish about clients like Android being
> vulnerable. They contain the vulnerability but unless they are serving
> data (hosting a website) which I've never heard of then they are not
> vulnerable to any attack.

Sorry for correcting, but yes, OpenSSL *clients* are just as vulnerable 
as OpenSSL servers.


"Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer 
security protocols) heartbeat extension (RFC6520). When it is exploited 
it leads to the leak of memory contents from the server to the client 
and from the client to the server."
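
Added example, not part of the original message and not OpenSSL's code: RFC 6520 requires a heartbeat message whose payload_length is too large to be discarded silently, and because either peer may send a heartbeat request, a TLS client has to apply that check exactly as a server does. The function name, constants and sample records below are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN  3   /* type (1 byte) + payload_length (2 bytes), RFC 6520 */
#define HB_MIN_PADDING 16  /* RFC 6520: padding is at least 16 bytes */
#define HB_REQUEST     1   /* heartbeat_request message type */

/* Hypothetical helper: returns the payload length that may safely be echoed,
 * or -1 if the message must be silently discarded. rec/rec_len describe the
 * decrypted heartbeat record received from the peer; the check is identical
 * whether the local endpoint is the TLS client or the TLS server. */
long hb_checked_payload_len(const uint8_t *rec, size_t rec_len)
{
    size_t claimed;

    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                      /* cannot hold header plus padding */
    if (rec[0] != HB_REQUEST)
        return -1;                      /* only requests are echoed back */

    claimed = ((size_t)rec[1] << 8) | rec[2];   /* big-endian length field */

    /* The length field is peer-controlled. It must fit inside the bytes
     * actually received, otherwise the echo would copy adjacent memory. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;
    return (long)claimed;
}

/* Constructed sample records (not captured traffic); padding bytes are zero. */
static const uint8_t hb_ok[3 + 4 + 16]       = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t hb_overlong[3 + 4 + 16] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};

int main(void)
{
    printf("well-formed request: %ld\n",
           hb_checked_payload_len(hb_ok, sizeof hb_ok));
    printf("overlong length field: %ld\n",
           hb_checked_payload_len(hb_overlong, sizeof hb_overlong));
    return 0;
}
```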

