Security and Test Management | Last updated: May 30, 2023

Is your website safe from Heartbleed Bug?

The Heartbleed bug is a severe vulnerability in the OpenSSL cryptographic software library. It allows sensitive information that is normally protected by SSL/TLS encryption to be exposed, affecting applications such as web, email, IM, and VPN.

Detailed information about the Heartbleed bug can be found here. 

In this article, I will talk about how to test whether your web applications are vulnerable to Heartbleed.

Status of the different OpenSSL versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

If you are using F5 to offload SSL – you can refer here to check if it’s vulnerable.

Heartbleed Testing Tools

SSL Labs

The popular SSL Server Test by Qualys scans the target for more than 50 known TLS/SSL vulnerabilities, including Heartbleed. On the test result page, you should see something like the screenshot below.

[Screenshot: SSL Labs test result]

Domsignal

TLS Scanner by Domsignal lets you quickly test your website for misconfiguration and common security flaws.

[Screenshot: Domsignal TLS scan result for geekflare.com]

OpenSSL

If you are testing internal sites or don’t want to use a cloud-based scanner, then you can use OpenSSL. The following command connects with s_client and passes -tlsextdebug so that the TLS extensions announced by the server are printed; it then greps for the heartbeat extension (id=15), which is the one Heartbleed abuses.

echo "QUIT"|openssl s_client -connect facebook.com:443 -tlsextdebug 2>&1|grep 'server extension "heartbeat" (id=15)' || echo safe

Example:

[root@lab ~]# echo "QUIT"|openssl s_client -connect geekflare.com:443 -tlsextdebug 2>&1|grep 'server extension "heartbeat" (id=15)' || echo safe
safe
[root@lab ~]#

Replace geekflare.com:443 with your own host and port. Note that a match only tells you that the server advertises the TLS heartbeat extension; patched OpenSSL versions (1.0.1g and later) still advertise it, so a match is a prompt to check the installed OpenSSL version, not proof of the bug.
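The two checks above, as an added example that is not part of the original article: a small parser that reads a TLS ServerHello record and reports whether extension id 15 (heartbeat) is present, plus a function that applies the version status list above to the output of `openssl version`. The ServerHello bytes are constructed by the helper, not captured from a real server.

```python
"""Offline helpers for the Heartbleed checks: ServerHello extension parsing and version triage."""
import re
import struct

HEARTBEAT_EXT = 15  # TLS extension id advertised by servers that support heartbeat


def server_hello_extensions(record: bytes) -> set:
    """Return the set of extension ids carried in a TLS ServerHello record."""
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                      # 22 = handshake record
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 2:                     # 2 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    pos = 2 + 32                         # protocol version + server random
    pos += 1 + hello[pos]                # session id (length-prefixed)
    pos += 2 + 1                         # cipher suite + compression method
    if pos >= len(hello):
        return set()                     # no extensions block at all
    ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    ids = set()
    while pos + 4 <= end:
        ext_id, length = struct.unpack("!HH", hello[pos:pos + 4])
        ids.add(ext_id)
        pos += 4 + length
    return ids


def advertises_heartbeat(record: bytes) -> bool:
    """True if the server announced the heartbeat extension (same test as the grep above)."""
    return HEARTBEAT_EXT in server_hello_extensions(record)


def openssl_version_vulnerable(version_line: str) -> bool:
    """Apply the status list above to a line such as 'OpenSSL 1.0.1f 6 Jan 2014'."""
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)", version_line)
    if not m:
        raise ValueError("unrecognised version string")
    major, minor, patch, letter = int(m[1]), int(m[2]), int(m[3]), m[4]
    # Only the 1.0.1 branch is affected, and only 1.0.1 through 1.0.1f inclusive
    return (major, minor, patch) == (1, 0, 1) and letter <= "f"


def build_server_hello(ext_data: dict) -> bytes:
    """Constructed sample TLS 1.2 ServerHello carrying the given {extension_id: data} entries."""
    exts = b"".join(struct.pack("!HH", i, len(d)) + d for i, d in ext_data.items())
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"  # sid=0, AES128-SHA, no compression
    if ext_data:
        hello += struct.pack("!H", len(exts)) + exts
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(body)) + body
```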

Fixing Heartbleed

The fix is straightforward and has two parts:

  • Upgrade OpenSSL to 1.0.1g or a higher version.
  • Regenerate the CSR (with a fresh private key, since the old key may have been exposed) using the upgraded version of OpenSSL and get it signed by a certificate authority. Once you receive the signed certificate, install it on your respective web servers or edge devices.

I hope this helps you.

  • Chandan Kumar
    Author