Zero-Day Exploitscritical

Heartbleed: OpenSSL Bug Exposes Private Keys and Passwords of Two-Thirds of the Internet

A two-year-old memory disclosure bug in OpenSSL — the encryption library securing most of the internet — allowed anyone to read 64KB of server memory per request, potentially exposing private keys, session tokens, and user passwords.

OpenSSL / Global Internet·2014·2 min read

Background

OpenSSL provides the TLS (Transport Layer Security) encryption for approximately two-thirds of all HTTPS websites. The Heartbleed bug (CVE-2014-0160) was introduced in December 2011 when a developer submitted a patch for the TLS heartbeat extension with a missing bounds check. It was present in OpenSSL 1.0.1 released in March 2012.

The Attack

The Heartbleed vulnerability exploited the TLS heartbeat extension: a client sends a heartbeat message with a payload and a stated length. OpenSSL echoed back the stated length of data regardless of the actual payload size. By claiming a larger length than the actual payload, an attacker caused the server to echo back up to 64KB of server memory adjacent to the heartbeat buffer. This memory could contain: the server's private TLS key, recently used session cookies, usernames and passwords, and any other data recently processed. Each request returned a different 64KB window — with enough requests, significant memory could be reconstructed.

Response

OpenSSL 1.0.1g was released on April 7, 2014 along with the public disclosure coordinated by Google Security and Codenomicon. The disclosure triggered an emergency patch cycle across every major web server, VPN, network appliance, and application. Certificate authorities received millions of certificate revocation and reissuance requests simultaneously.

Outcome

The sheer scale of impact was unprecedented — an estimated 17% of all secure web servers were vulnerable at disclosure. Certificate revocation infrastructure struggled to handle the volume. The bug existed undetected for two years, during which time any nation-state or criminal actor who discovered it had silent access to server private keys across the internet.

Key Takeaways

  1. Memory safety bugs in security-critical C code can be catastrophically impactful — memory-safe languages reduce this risk
  2. Coordinated vulnerability disclosure allows defenders to patch before public exploitation — the Heartbleed process is a model
  3. Certificate revocation and reissuance infrastructure must be scalable for internet-wide events
  4. OpenSSL's critical importance made it chronically underfunded — audit and fund critical open source infrastructure
HeartbleedOpenSSLTLSmemory disclosureprivate key exposure

More in Zero-Day Exploits

2017critical

EternalBlue: NSA's Stolen Weapon Powers WannaCry, NotPetya, and Years of Attacks

2 min readZero-Day Exploits
2021critical

Log4Shell: A Single Java Library Puts 3 Billion Devices at Risk

2 min readZero-Day Exploits
2023critical

MOVEit Zero-Day: One SQL Injection Flaw, 2,700 Organisations Breached

2 min readZero-Day Exploits