Scanning for Heartbleed using Acunetix

Soon after the Heartbleed bug was made public, Acunetix released an update to detect the vulnerability in websites and web applications. The script that detects this is called Heartbleed_Bug.script, and is included in the following Scanning Profiles:

  • Default
  • High_Risk_Alerts
  • The newly created heartbleed profile

The Heartbleed bug is considered to be one of the most serious bugs that has emerged recently, affecting numerous organisations, including high profile ones. We encourage all our customers to scan all web applications with one of the above mentioned scanning profiles in order to identify if you are vulnerable.

The repulsions of the vulnerability are rather serious, since it allows attackers to steal data from the server’s memory, such as cookies, user credentials, other data exchanged between the server and users, and possibly the server’s SSL private key. All this without leaving a trace in the log files.

The solution is rather straight forward – update to the latest version of OpenSSL.

Share this post

Leave a Reply

Your email address will not be published.


*