Heartbleed Flaw Exploited In VPN Attack

Security researchers report attack on an enterprise that used the OpenSSL vulnerability to steal VPN session tokens and evade two-factor authentication.

Mathew Schwartz

April 21, 2014

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Now there's live proof the Heartbleed bug can be exploited, not just to steal private SSL keys stored on a server, but also to retrieve VPN session tokens.

Researchers at Mandiant -- now part of threat intelligence firm FireEye -- on Friday revealed that they spotted a successful VPN-targeting attack that began April 8. That was just one day after OpenSSL issued a public security advisory about a "TLS heartbeat read overrun" in its open-source SSL and TLS implementation.

The flaw, later dubbed "Heartbleed," was quickly tapped by a VPN-targeting attacker. "The attacker repeatedly sent malformed heartbeat requests to the HTTPS Web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," said Mandiant technical director Christopher Glyer and senior consultant Chris DiGiamo in a blog post. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."

Read the full story on Dark Reading.

About the Author

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights