This paper aims to provide a detailed study of the Heartbleed attack, covering the topics required to understand the exploit. Heartbleed is a critical bug in OpenSSL’s implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of an affected server’s memory, potentially revealing users’ data that was not intended to be revealed.
Key Pointers:
- Understanding what this vulnerability is and how it can be exploited.
- Some important concepts covered to help understand the exploit procedure.
- Setting up a virtual environment and performing the exploit.
- Concluding the paper with the mitigations required to prevent attacks that use this vulnerability.