NETWORKING

  • 04/21/2014
    12:35 PM
  • Rating: 
    0 votes
    +
    Vote up!
    -
    Vote down!

Heartbleed Flaw Exploited In VPN Attack

Security researchers report attack on an enterprise that used the OpenSSL vulnerability to steal VPN session tokens and evade two-factor authentication.

Now there's live proof the Heartbleed bug can be exploited, not just to steal private SSL keys stored on a server, but also to retrieve VPN session tokens.

Researchers at Mandiant -- now part of threat intelligence firm FireEye -- on Friday revealed that they spotted a successful VPN-targeting attack that began April 8. That was just one day after OpenSSL issued a public security advisory about a "TLS heartbeat read overrun" in its open-source SSL and TLS implementation.

The flaw, later dubbed "Heartbleed," was quickly tapped by a VPN-targeting attacker. "The attacker repeatedly sent malformed heartbeat requests to the HTTPS Web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," said Mandiant technical director Christopher Glyer and senior consultant Chris DiGiamo in a blog post. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."

Read the full story on Dark Reading.


We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.