Thu Jan 12. 2023
Heartbleed was a security flaw in the OpenSSL cryptography libraries, which are widely used implementations of the Transport Layer Security protocol. It was first introduced to the software in 2012 and made public in April 2014. It could be used regardless of whether the vulnerable OpenSSL instance runs as a TLS client or server. It was caused by incorrect input validation (due a missing bounds test) in the implementation TLS heartbeat extension. The bug's name was derived from heartbeat. The vulnerability was described as a buffer-over-read, which is a situation in which more data than should be allowed.
Heartbleed was identified in the Common Vulnerabilities and Exposures Database as CVE-2014-0160. The federal Canadian Cyber Incident Response Centre issued an advisory bulletin to system administrators regarding the bug. OpenSSL was fixed on April 7, 2014. This was the same day Heartbleed was made public.
System administrators were often slow to patch their systems. As of 20 May 2014[update], 1.5% were still vulnerable to Heartbleed. 309,197 public servers were still vulnerable as of 21 June 2014. According to Shodan's report, almost 180,000 internet-connected devices were still at risk as of 23 January 2017. As of 6 July 2017[update], the number had dropped to 144,000, according to a search on shodan.io for "vuln:cve-2014-0160". Shodan reported that 91 063 devices were now vulnerable as of 11 July 2019. The United States was the first country to have 21,258 (23%), followed by the top 10 countries with 56,537 (62%), while the rest had 34,526 (38%). The report also listed 10 other categories, including organization (the top three were wireless companies), product(Apache httpd), Nginx, and service (81%).
OpenSSL implementations of TLS were not affected by the defect in OpenSSL's implementation.
2.1 OpenSSL installations affected 2.1.1 Vulnerable function and program
3.1 Client-side vulnerability
3.2 Certain systems affected
3.2.1 Websites or other online services
3.2.2 Software applications
3.2.3 Operating systems/firmware
4.1 Browser security certificates revocation awareness
Synopsys Software Integrity Group's engineer named the bug. This Finnish cyber security company also created the bleeding-heart logo and launched the domain name heartbleed.com to help the public understand the bug. Although Google's security team reported Heartbleed first to OpenSSL, Codenomicon and Google discovered it independently around the same time. Codenomicon reports that they discovered Heartbleed to OpenSSL on April 3, 2014 and that they received notification from NCSC for vulnerability coordination on April 3, 2014.
The attack allowed the theft of private keys and session cookies as well as passwords from the web's secure servers. The Heartbleed bug was deemed "catastrophic" by Ars Technica and the Electronic Frontier Foundation. Joseph Steinberg, Forbes cybersecurity columnist wrote:
Some might argue Heartbleed is the most serious vulnerability discovered (at least in terms its potential impact) since the introduction of commercial traffic on the Internet.
A British Cabinet spokesperson[who?] That:
People should seek advice about changing passwords on websites they use. Most websites have fixed the bug and can advise people on what to do.
The Tor Project advised
For the next few days, you may want to avoid the Internet if you require strong anonymity and privacy.
The Sydney Morning Herald published a timeline showing the discovery of the bug on 15 April 2014. It showed that some organizations were able to fix the bug before public disclosure. It is not clear in all cases how they discovered it.
Only 43% of the affected websites had reissued security certificates by 9 May 2014. Additionally, 7% of the reissued security certificate used the potentially compromised keys. Netcraft stated:
Sites that were affected by Heartbleed still face the same risks if they reuse the same private keys.
eWeek stated that "Heartbleed" will be a risk for many months, if certainly years to come. "
Mumsnet, a UK parenting site, had several user accounts stolen and its CEO impersonated. Later, the site published an explanation explaining that Heartbleed was responsible and that technical staff had quickly patched it up.
Anti-malware researchers also used Heartbleed to their advantage to gain access to secret forums used cybercriminals. Also, studies were conducted by intentionally setting up vulnerable machines. On 12 April 2014, at most two independent researchers were able steal private keys from a CloudFlare-initiated experimental server. J. Alex Halderman, a professor from the University of Michigan, reported on 15 April 2014 that his honeypot server, which was designed to attract attacks to study them, had been attacked by many people from China. Halderman concluded that the attacks were likely sweeping and widespread because the server was not well-known.
August 2014 saw the disclosure that hackers had used the Heartbleed vulnerability to steal security keys from Community Health Systems in the United States. This was the second-largest for-profit U.S hospital chain. The breach compromised the confidentiality of 4.5million patient records. The breach occurred a week after Heartbleed was made public for the first time.
Prerequisite knowledge and exploitation
Major web sites fixed the bug or disabled Heartbeat Extension within days of its announcement. However, it is not clear if potential attackers knew about it earlier or how much it was exploited. 
According to researchers, audit logs have been examined by researchers and it was found that the flaw may have been exploited for at least five years before being discovered and announced. Errata Security pointed out that Masscan, a popular non-malicious program, was introduced six months prior to Heartbleed's disclosure. It abruptly terminates the connection during handshaking.
Bloomberg News reports that two unnamed insiders told Bloomberg News that the United States' National Security Agency knew about the flaw from shortly after it was discovered, but instead of reporting it, kept it secret along with other unreported zero day vulnerabilities to allow the NSA to exploit it. Richard A. Clarke, a member the National Intelligence Review Group on Intelligence and Communications Technologies, denied the claim. He told Reuters on April 11, 2014 that the NSA did not know about Heartbleed. The American government responded to the allegation by making a public statement about its zero-day vulnerabilities policy. It accepted the 2013 report of the review group that stated that "in almost all cases, for widely used codes, it is in our national interest to eliminate software vulnerabilities instead of using them for US intelligence collection".
OpenSSL's affected versions allocate a memory buffer to the message to be returned. This buffer is determined based on the length field of the requesting message. It does not take into account the actual size of the message's payload. This failure to properly bounds check means that the message returned contains the payload and possibly any other items in the allocated memory buffer. 
Heartbleed can be exploited by sending a malformed, heartbeat request to the vulnerable party (usually a Server) with a small payload. This allows attackers to read 64 kilobytes from the victim's memory which was likely to have been previously used by OpenSSL. A Heartbeat Request might ask for a party's response to "sendback the four-letter word "bird", which would result in a response of "bird", while a "Heartbleed Request", (a malicious heartbeat request), would cause the victim's response to be "bird" followed with any 496 additional characters that the victim had in active memory. This way, attackers could gain sensitive data and compromise the confidentiality of victim's communications. An attacker may have some control over the size of the disclosed memory block, but it cannot control its location and can't choose what content to reveal. 
Vulnerable function and program
The vulnerable program source files are t1_lib.c and d1_both.c and the vulnerable functions are tls1_process_heartbeat() and dtls1_process_heartbeat().
OpenSSL 1.0.1g adds bounds checks to prevent buffer over-reading. The following test was created to determine if a heartbeat request triggers Heartbleed. It silently discards malicious requests.
The OpenSSL version management system includes a complete list containing all changes.
An attack could also reveal the private keys of compromised parties, which could enable attackers to decrypt communications. (Future or past stored data captured via passive eavesdropping unless perfect forward secrecy has been used. In which case, only future traffic can decrypt if intercepted via man in-the-middle attacks. 
An attacker may use authentication material to impersonate the owner of the material. This is true as long as the victim has patched Heartbleed. Heartbleed is a serious threat to confidentiality. An attacker pretending to be a victim could also alter data. Indirectly, Heartbleed may also have other consequences than a confidentiality breach for many systems.
In April 2014, 60 percent of Americans had heard of Heartbleed. 39% of Internet users had changed passwords or cancelled accounts to protect their online accounts. 29% believed that their personal data was at risk due to the Heartbleed bug. 6 percent believed that their personal information had been stolen.
It's not a server-side vulnerability; it's also client-side because the server or whomever you connect with is as able as you to ask them for a heartbeat back.
The data stolen could include usernames and passwords. Reverse Heartbleed was a security problem that affected millions of applications. Below is a list of some of the most vulnerable applications.