AppCheck NG Updated to Discover Critical OpenSSL Bug “Heartbleed”

On 7th April 2014 a group of security researchers disclosed a critical security flaw in the popular cryptographic software library OpenSSL. The Heartbleed bug allows an attacker to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. The AppCheck NG Web Application and Infrastructure vulnerability scanner has already been updated with a plugin to detect the flaw.

UPDATE (11/04/2014): Proof of Concept exploit module added to AppCheck Platform. 

OpenSSL is the most popular open-source library for providing encrypted SSL communications on the Internet, so there is a high chance that this flaw will affect your network and applications.

Heartbleed vulnerability discovery using AppCheck NG

– Scan IPs and URLs for the “Heartbleed” vulnerability
– Infrastructure and Web Applications will be scanned for all other classes of vulnerability including missing patches, SQL Injection and Cross Site Scripting

 

What does the flaw allow the attacker to achieve?

The vulnerability allows an attacker to read 64KB chunks of process memory from the affected OpenSSL implementation. This could allow the extraction of private keys, user credentials, web server session IDs and other sensitive information.

 

Which services are likely to be affected?

Common services affected by this flaw include:
– The Apache Web Server
– Various Mail Server Platforms
– VPN and Firewall SSL interfaces
– Proxy servers such as NGINX

 

Which versions of OpenSSL are affected?

Status of different versions:
– OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
– OpenSSL 1.0.1g is NOT vulnerable
– OpenSSL 1.0.0 branch is NOT vulnerable
– OpenSSL 0.9.8 branch is NOT vulnerable
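
The status list above can be applied to an inventory of version banners. The following is an added example, not AppCheck's plugin code: it extracts the OpenSSL version from `openssl version` output or a `Server` header and classifies it. The banner lines are constructed samples, and treating 1.0.1 letters after "g" as fixed is an assumption beyond the list.

```python
import re

# Matches "OpenSSL 1.0.1e" (openssl version output) and
# "OpenSSL/1.0.1e" (as seen in some HTTP Server headers).
VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

def classify(text):
    """Return (version, status) for the first OpenSSL version in text.

    status is 'vulnerable', 'not vulnerable', 'unlisted' (a branch the
    status list does not cover) or 'no version found'.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None, "no version found"
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4).lower()          # "" for a plain 1.0.1 release
    version = "%d.%d.%d%s" % (branch + (letter,))
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are vulnerable; 1.0.1g is fixed.
        # Assumption: letters after "g" are also fixed. Comparing on
        # (length, letter) keeps "" < "a" < ... < "z" < "za".
        fixed = (len(letter), letter) >= (1, "g")
        return version, "not vulnerable" if fixed else "vulnerable"
    if branch in ((1, 0, 0), (0, 9, 8)):
        return version, "not vulnerable"
    return version, "unlisted"

# Constructed sample banners, for illustration only.
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1c",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "Server: nginx/1.4.7",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        version, status = classify(banner)
        print("%-62s %-8s %s" % (banner, version or "-", status))
```

A version string is only a first-pass indicator: distributions often backport fixes without changing the version letter, and many services do not expose the library version at all, so a "vulnerable" or "no version found" result should be confirmed with a scanner check against the service itself.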

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

About Appcheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
