Heartbleed Flaw Exploited In VPN Attack
Security researchers report attack on an enterprise that used the OpenSSL vulnerability to steal VPN session tokens and evade two-factor authentication.
April 21, 2014
![Network Computing logo Network Computing logo](https://eu-images.contentstack.com/v3/assets/bltde8121fc52c5c8f3/blt3f3d0318f746b1c2/65a530e4187606040a1d8b8c/placeholder.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Now there's live proof the Heartbleed bug can be exploited, not just to steal private SSL keys stored on a server, but also to retrieve VPN session tokens.
Researchers at Mandiant -- now part of threat intelligence firm FireEye -- on Friday revealed that they spotted a successful VPN-targeting attack that began April 8. That was just one day after OpenSSL issued a public security advisory about a "TLS heartbeat read overrun" in its open-source SSL and TLS implementation.
The flaw, later dubbed "Heartbleed," was quickly tapped by a VPN-targeting attacker. "The attacker repeatedly sent malformed heartbeat requests to the HTTPS Web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," said Mandiant technical director Christopher Glyer and senior consultant Chris DiGiamo in a blog post. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."
Read the full story on Dark Reading.
About the Author(s)
You May Also Like