English 
Русский 
简体中文 
Português do Brasil 
Français 
Español 
Türkçe 
Polski 
Tiếng Việt 
한국어 
Nederlands 
Italiano 
日本語 
Eesti 
Čeština 
മലയാളം 
Bahasa Melayu 
हिन्दी 
اردو 
Bahasa Indonesia 
Safe WebHeartbleed, also known as CVE-2014-0160, is a computer security vulnerability in the OpenSSL cryptography library. It was discovered in April 2014 and is classified as a critical issue by the Common Vulnerability Scoring System (CVSS).
The Heartbleed Bug is a severe security flaw in the OpenSSL encryption library. OpenSSL is a commonly used software library for encrypting Internet communication. The flaw allows attackers to access sensitive data without any authentication mechanisms, making it very dangerous.
Essentially, the Heartbleed bug is an implementation error in the OpenSSL library that allows an attacker to read the memory of the encrypted server or client. This means that secret information such as usernames, passwords, credit card numbers, and other sensitive data can be exposed to a malicious intruder. This bug can be exploited remotely, and the intruder can obtain encrypted data by exploiting the flaw.
The vulnerability is an example of a “buffer overflow”, which occurs when data is sent to a program with more bytes than it can handle. An attacker can exploit the flaw to access any memory on the target system, potentially revealing secret information.
The bug was initially believed to be limited to Linux and Unix-based systems, but it was later found to affect many other platforms as well, including some mobile systems. It has been estimated that over 500 million computers and server systems were affected by the bug, and that the affected software was found on nearly two-thirds of all web servers on the Internet.
The bug was quickly patched by affected vendors after its discovery, and in May 2014 a patch was released to correct the vulnerability. The patch is widely available and should be applied to systems running the affected OpenSSL software.
While the vulnerability was discovered over six years ago, it is still important for users to update their systems to the latest version of OpenSSL software to ensure protection against potential attackers. Additionally, users should regularly monitor their systems for vulnerabilities and take steps to secure their networks, such as using strong passwords and two-factor authentication.
