Qualys, a provider of cloud security and compliance solutions, has announced that its Qualys SSL Labs service detects the OpenSSL vulnerability disclosed as ‘HeartBleed’ (CVE-2014-0160).
The serious vulnerability, discovered in the open-source encryption software used by many of the world’s websites, could allow attackers to steal a variety of information unnoticed.
The ‘Heartbleed’ bug potentially allows access to the memory of systems that currently run one of several vulnerable versions of the OpenSSL cryptographic software library.
Administrators responsible for the security of websites can access the free tool at https://www.ssllabs.com, enter a URL and find out whether their site is vulnerable to the new threat, as well as get information about the overall health of the site’s SSL implementation. Qualys reports that traffic to the SSL Labs site has grown by an order of magnitude since the new vulnerability was announced recently.
For QualysGuard customers, the HeartBleed issue is also detectable by the QualysGuard Vulnerability Management (VM) cloud service as QID 42430. This means that Qualys customers can get reports detailing their enterprise-wide exposure the next time they scan their assets, which allows them to remediate the issue efficiently.
Ivan Ristic, director of engineering at Qualys and renowned SSL technology expert, said: "The HeartBleed vulnerability is easy to exploit and there are already many proof-of-concept tools available that one can use in minutes.
"After a successful attack, the attacker can obtain a large chunk of server memory, which can contain server private keys, session keys, passwords and other sensitive data. IT administrators need to map their exposure and install the patched version wherever necessary."