HolyGhost logoHolyGhost

#tls

2 posts

AnalysisCVE-2014-0160

Heartbleed: When Asking Nicely Leaked the Server's Secrets

A missing length check in OpenSSL let anyone read chunks of a server's memory, including private keys and passwords. Here is how Heartbleed (CVE-2014-0160) worked and why it was so serious.

7 min read·#heartbleed#openssl#tls