[Users] [Half-OT] Re: Thanks for the per-session password!
albert.aribaud at free.fr
Tue Apr 22 18:26:08 CEST 2014
Le 22/04/2014 18:11, Kevin Chadwick a écrit :
> There was also a lot of rubbish about clients like Android being
> vulnerable. They contain the vulnerability but unless they are serving
> data (hosting a website) which I've never heard of then they are not
> vulnerable to any attack.
Sorry for correcting, but yes, OpenSSL *clients* are just as vulnerable
as OpenSSL servers.
"Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer
security protocols) heartbeat extension (RFC6520). When it is exploited
it leads to the leak of memory contents from the server to the client
and from the client to the server."
More information about the Users