April 10, 2014

A serious vulnerability named the Heartbleed bug was announced Monday night (04/07/2014) in OpenSSL* (version 1.01 and OpenSSL beta 1.0.2.).

The Heartbleed bug allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate them. The access to this type of sensitive data creates a serious vulnerability because attackers can use it to decrypt past communications, steal critical data and in the case of a private key compromise enable the attacker to impersonate the associated server.

The remedy to the bug is to obtain a bug fixing patch from the SSL provider.