
Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Paweł Różański

During a recent security audit, the vulnerability known as the Heartbleed Bug was discovered on two publicly accessible servers. What makes this interesting is that the vulnerability was disclosed 10 years ago. It allows an attacker to read data directly from the memory of vulnerable systems; in practice, this means sensitive information, including credentials, can be extracted without any prior access or authentication.

What is the Heartbleed Bug?

The Heartbleed Bug is a well-known vulnerability that was first disclosed in 2014. It allows attackers to exploit a flaw in OpenSSL’s heartbeat functionality, enabling them to read portions of the system’s memory that they should never see. This can result in the exposure of sensitive data such as encryption keys, usernames, passwords, and other confidential information that resides in memory.

To learn more about the Heartbleed Bug, visit the dedicated website: https://heartbleed.com

Real-World Exploitation: What We Found

This case demonstrates the importance of using multiple TLS/SSL tools during testing. While SSLScan did not detect this vulnerability, testssl.sh successfully identified it:

[Screenshot: Vulnerability detection]

During our testing, it was confirmed that an attacker could successfully retrieve sensitive information from the affected servers. Using the Metasploit openssl_heartbleed module, we exploited the vulnerability and extracted data from the systems.

In this instance, we obtained the credentials of a technical (service) account that were being used for HTTP Basic Authentication. Because Basic Authentication sends the credentials as a base64-encoded "username:password" string in the Authorization header, the extracted data only had to be base64-decoded to reveal them.

[Screenshot: Credentials extraction]

Using these credentials, we were able to bypass the Basic Authentication on the affected host and gain access to the system, as demonstrated below:

Without Correct Credentials

Request:

[Screenshot: Unauthorized request]

Response:

[Screenshot: Unauthorized response]

With the Obtained Credentials

Request:

[Screenshot: Authorized request]

Response:

[Screenshot: Authorized response]

Although the endpoint returned a “404 Not Found” response, the successful authentication proved that the compromised credentials were valid and could have been used to reach sensitive areas of the system, had any existed behind that endpoint.

Recommendations to Mitigate the Risk

To defend against this vulnerability, we strongly recommend the following:

  1. Update OpenSSL to the latest patched version that addresses the Heartbleed Bug.
  2. Rotate all sensitive credentials and certificates on the affected systems, as they may have been compromised during the exposure.
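As an added example (not code from this audit write-up, from OpenSSL, or from the tools named above), the following Python reproduces the bounds check that the OpenSSL patch added to heartbeat processing and applies it as detection logic to TLS records. The record and heartbeat layouts follow RFC 6520; the sample records are constructed here for testing.

```python
import struct

TLS_HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
HB_TYPES = {1: "request", 2: "response"}
MIN_PADDING = 16        # RFC 6520: at least 16 bytes of padding follow the payload

def parse_tls_record(data: bytes):
    """Split one raw TLS record into (content_type, version, fragment)."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("record length field exceeds bytes on the wire")
    return ctype, (major, minor), fragment

def check_heartbeat(fragment: bytes) -> str:
    """The check the Heartbleed fix added to OpenSSL's tls1_process_heartbeat():
    type (1) + length (2) + declared payload + minimum padding (16) must fit
    inside the record. Unpatched builds trusted the declared length and copied
    that many bytes out of process memory into the response."""
    if len(fragment) < 3:
        return "drop: no heartbeat header"
    hb_type, declared = struct.unpack("!BH", fragment[:3])
    if hb_type not in HB_TYPES:
        return "drop: unknown heartbeat type %d" % hb_type
    if 1 + 2 + declared + MIN_PADDING > len(fragment):
        return ("heartbleed-pattern: %s declares %d payload bytes but record holds %d"
                % (HB_TYPES[hb_type], declared, len(fragment)))
    return "ok: %s with %d-byte payload" % (HB_TYPES[hb_type], declared)

def scan_record(data: bytes) -> str:
    """Verdict for one TLS record; non-heartbeat records are passed through."""
    ctype, _version, fragment = parse_tls_record(data)
    if ctype != TLS_HEARTBEAT:
        return "ignore: content type %d" % ctype
    return check_heartbeat(fragment)

def build_heartbeat(declared: int, payload: bytes, padding: int = MIN_PADDING) -> bytes:
    """Constructed heartbeat request record (TLS 1.1 version bytes) for testing."""
    fragment = struct.pack("!BH", 1, declared) + payload + b"\x00" * padding
    return struct.pack("!BBBH", TLS_HEARTBEAT, 3, 2, len(fragment)) + fragment

# Constructed samples: a well-formed request, and one whose declared length far
# exceeds the bytes actually sent, the shape a vulnerable server over-reads on.
BENIGN = build_heartbeat(4, b"ping")
MALFORMED = build_heartbeat(16384, b"", padding=0)
```

A patched server silently drops the second record; a sensor applying the same check can alert on it instead.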
