Heartbleed Flaw Exploited In VPN Attack
Now there's live proof the Heartbleed bug can be exploited, not just to steal private SSL keys stored on a server, but also to retrieve VPN session tokens.
Researchers at Mandiant -- now part of threat intelligence firm FireEye -- on Friday revealed that they spotted a successful VPN-targeting attack that began April 8. That was just one day after OpenSSL issued a public security advisory about a "TLS heartbeat read overrun" in its open-source SSL and TLS implementation.
The flaw, later dubbed "Heartbleed," was quickly tapped by a VPN-targeting attacker. "The attacker repeatedly sent malformed heartbeat requests to the HTTPS Web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," said Mandiant technical director Christopher Glyer and senior consultant Chris DiGiamo in a blog post. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."
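The "read overrun" comes down to trusting the length field inside a heartbeat message over the size of the record that actually arrived. The following is an added example, not OpenSSL's or Mandiant's code: a check written from the RFC 6520 message layout that rejects such requests before any payload is echoed. The function names and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16  /* RFC 6520 requires at least 16 padding bytes */

typedef enum { HB_OK = 0, HB_TOO_SHORT, HB_BAD_TYPE, HB_LENGTH_OVERRUN } hb_status;

/* Constructed samples: a well-formed request ("ping" + 16 zero padding bytes)
 * and a request whose declared payload length exceeds the record it came in. */
static const uint8_t SAMPLE_OK[23]      = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t SAMPLE_OVERRUN[19] = {HB_REQUEST, 0x40, 0x00};

/* Validate one decrypted heartbeat message of record_len bytes.
 * On HB_OK, *payload_len is the number of bytes that may safely be echoed. */
hb_status hb_validate(const uint8_t *rec, size_t record_len, size_t *payload_len)
{
    if (rec == NULL || record_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return HB_BAD_TYPE;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The missing bounds check: the declared length must fit inside the
     * bytes actually received, otherwise discard the message silently. */
    if (declared > record_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_LENGTH_OVERRUN;
    if (payload_len != NULL)
        *payload_len = declared;
    return HB_OK;
}

/* Bytes a responder may copy into its reply; 0 when the message is rejected. */
size_t hb_safe_echo_len(const uint8_t *rec, size_t record_len)
{
    size_t n = 0;
    return hb_validate(rec, record_len, &n) == HB_OK ? n : 0;
}

int main(void)
{
    printf("well-formed: status=%d echo=%zu\n",
           hb_validate(SAMPLE_OK, sizeof SAMPLE_OK, NULL),
           hb_safe_echo_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("overrun:     status=%d echo=%zu\n",
           hb_validate(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN, NULL),
           hb_safe_echo_len(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN));
    return 0;
}
```

The same comparison, applied to heartbeat records seen on the wire, is a usable detection condition: a request whose declared payload length does not fit its record has no legitimate reason to exist.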
Read the full story on Dark Reading.