Soon after the Heartbleed bug was made public, Acunetix released an update to detect the vulnerability in websites and web applications. The script that detects this is called Heartbleed_Bug.script, and is included in the following Scanning Profiles:

  • Default
  • High_Risk_Alerts
  • The newly created heartbleed profile

The Heartbleed bug is considered to be one of the most serious bugs that have emerged recently, affecting numerous organisations, including high profile ones. We encourage all our customers to scan all web applications with one of the above mentioned scanning profiles in order to identify whether you are vulnerable.

The repercussions of the vulnerability are rather serious, since it allows attackers to read data from the server’s memory, such as cookies, user credentials, other data exchanged between the server and users, and possibly the server’s SSL private key, all without leaving a trace in the log files.

The solution is rather straightforward – update to the latest version of OpenSSL.
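The following is an added example, not Acunetix code and not the Heartbleed_Bug.script described above: a small parser that classifies the banner printed by `openssl version` against the Heartbleed-affected range. The affected range itself is not stated on this page and is taken from the OpenSSL security advisory as an assumption: releases 1.0.1 through 1.0.1f and the 1.0.2-beta1 pre-release were affected, 1.0.1g shipped the fix, and the 0.9.8 and 1.0.0 branches never contained the heartbeat code. The banners in the example are constructed.

```python
"""Classify OpenSSL version banners against the Heartbleed-affected range.

Added example for inventory triage on the defender's side. Assumed range
(from the OpenSSL security advisory, not from this page):
  - 1.0.1 through 1.0.1f : affected, fixed in 1.0.1g
  - 1.0.2-beta1          : affected, fixed in 1.0.2-beta2
  - 0.9.8.x and 1.0.0.x  : never had the heartbeat extension
"""
import re

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1e-fips"
# and "OpenSSL 1.0.2-beta1 24 Feb 2014". Group 4 is the patch letter,
# group 5 an optional dash-suffixed tag (beta1, fips, ...).
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(\S+))?")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letter, tag) or None if the banner
    does not look like an OpenSSL version string."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, fix, letter, tag = match.groups()
    return int(major), int(minor), int(fix), letter, tag or ""


def is_heartbleed_vulnerable(banner):
    """True if the banner names a release in the assumed affected range,
    False if it names an unaffected release, None if unparseable.

    Caveat: distributions backported the fix without bumping the patch
    letter, so a banner-only check can produce false positives; treat a
    True result as "needs confirmation", not as proof of exposure.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    major, minor, fix, letter, tag = parsed
    if (major, minor, fix) == (1, 0, 1):
        # Single-letter patch releases sort alphabetically: "" (plain
        # 1.0.1) and "a".."f" are affected, "g" and later carry the fix.
        return letter < "g"
    if (major, minor, fix) == (1, 0, 2):
        # Only the first 1.0.2 beta contained the bug.
        return tag == "beta1"
    # Older branches (0.9.8, 1.0.0) never shipped the heartbeat extension.
    return False


def triage(host_banners):
    """Group hosts by status for a remediation list.

    host_banners: mapping of host name -> banner string.
    Returns a dict with keys "vulnerable", "patched", "unknown".
    """
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, banner in sorted(host_banners.items()):
        status = is_heartbleed_vulnerable(banner)
        if status is None:
            report["unknown"].append(host)
        elif status:
            report["vulnerable"].append(host)
        else:
            report["patched"].append(host)
    return report


if __name__ == "__main__":
    # Constructed inventory; the host names and banners are made up.
    inventory = {
        "web-01.example.test": "OpenSSL 1.0.1e 11 Feb 2013",
        "web-02.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
        "api-01.example.test": "OpenSSL 1.0.2-beta1 24 Feb 2014",
        "legacy.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
        "proxy.example.test": "nginx/1.4.6",
    }
    for bucket, hosts in triage(inventory).items():
        print(f"{bucket:>10}: {', '.join(hosts) or '-'}")
```

Feed it the output of `openssl version` collected from each host (or the `Server` header where it exposes the OpenSSL build), and then confirm every "vulnerable" entry with an actual scan such as the Heartbleed profile described above, since the banner check cannot see backported fixes.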

THE AUTHOR
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.