During a recent security audit, a vulnerability known as the Heartbleed Bug was discovered on two publicly accessible servers. What is interesting is that this vulnerability was discovered 10 years ago! It allows an attacker to read data directly from the memory of vulnerable systems. In practice, it enables the extraction of sensitive information, including credentials, without any prior access or authentication.
What is the Heartbleed Bug?
The Heartbleed Bug is a well-known vulnerability that was first revealed in 2014. It allows attackers to exploit a flaw in OpenSSL’s heartbeat functionality, enabling them to read portions of the system’s memory that were never meant to be sent over the connection. This can result in the exposure of sensitive data such as encryption keys, usernames, passwords, and other confidential information that resides in memory.
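The flaw in the heartbeat handling is a missing length check: the server trusted the payload length claimed by the peer and echoed back that many bytes, even when the record that actually arrived was far shorter. The following is an added illustration, not code from the original post or from OpenSSL. It models process memory as a single byte string (the heartbeat record followed by unrelated data that happens to sit next to it in memory) and shows the pre-fix behaviour beside the check the patched OpenSSL added (reject the message when 1 type byte + 2 length bytes + claimed payload + 16 bytes of padding exceeds the record length). All sample values are constructed.

```python
"""Model of the heartbeat length check behind the Heartbleed Bug (added example).

Process memory is simulated as one bytes object; the heartbeat record is at the
start and unrelated data follows it. Nothing here talks to a network.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16  # a TLS heartbeat message carries at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Heartbeat record: type (1 byte), payload_length (2 bytes), payload, padding.

    claimed_length is written into the header and may disagree with len(payload);
    that disagreement is exactly what the vulnerable code failed to notice."""
    header = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", claimed_length)
    return header + payload + b"\x00" * PADDING_LEN


def respond_vulnerable(memory: bytes, record_length: int) -> bytes:
    """Pre-fix behaviour: trust the peer-supplied payload_length and copy that many
    bytes starting at the payload, regardless of how long the record really is."""
    payload_length = struct.unpack("!H", memory[1:3])[0]
    # record_length is ignored here, so the copy can run past the record into
    # whatever happened to follow it in memory.
    echoed = memory[3:3 + payload_length]
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack("!H", payload_length) + echoed


def respond_fixed(memory: bytes, record_length: int):
    """Post-fix behaviour: drop the message when the claimed payload cannot fit in
    the record that actually arrived. Returns None for a discarded message."""
    if 1 + 2 + PADDING_LEN > record_length:
        return None  # too short to be a valid heartbeat at all
    payload_length = struct.unpack("!H", memory[1:3])[0]
    if 1 + 2 + payload_length + PADDING_LEN > record_length:
        return None  # claimed length exceeds the record: silently discard
    echoed = memory[3:3 + payload_length]
    return bytes([HEARTBEAT_RESPONSE]) + struct.pack("!H", payload_length) + echoed


def leaked_bytes(response, record_length: int) -> int:
    """Number of echoed bytes that came from beyond the end of the record."""
    if response is None:
        return 0
    payload_length = struct.unpack("!H", response[1:3])[0]
    return max(0, 3 + payload_length - record_length)


def demo():
    """Run a malformed heartbeat through both handlers and report what leaks."""
    real_payload = b"ping"
    # Constructed record that lies about its payload length (claims 40, carries 4).
    record = build_heartbeat(real_payload, claimed_length=40)
    # Constructed stand-in for unrelated data adjacent in memory; the base64 is made up.
    adjacent = b"Authorization: Basic dXNlcjpwYXNz"
    memory = record + adjacent
    vuln = respond_vulnerable(memory, len(record))
    fixed = respond_fixed(memory, len(record))
    return vuln, fixed, leaked_bytes(vuln, len(record))


if __name__ == "__main__":
    vuln, fixed, leaked = demo()
    print("vulnerable handler echoed", len(vuln) - 3, "bytes,", leaked, "of them from beyond the record")
    print("fixed handler response:", fixed)
```

The record in `demo()` is 23 bytes long, so a claimed payload of 40 makes the vulnerable handler return 20 bytes of the adjacent data, while the fixed handler discards the message. A well-formed heartbeat (claimed length equal to the real payload length) is answered by both handlers with nothing extra.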
To learn more about the Heartbleed Bug, visit the dedicated website:
https://heartbleed.com

Real-World Exploitation: What We Found
This case demonstrates the importance of using multiple TLS/SSL tools during testing. While SSLScan did not detect this vulnerability, testssl.sh successfully identified it.
During our testing, it was confirmed that an attacker could successfully retrieve sensitive information from the affected servers. Using the Metasploit openssl_heartbleed module, we exploited the vulnerability and extracted data from the systems.
In this instance, we managed to obtain credentials for a technical user that were being used for Basic Authentication. The extracted data, encoded in base64, was decoded to reveal the credentials.
Using these credentials, we were able to bypass the Basic Authentication on the affected host and gain access to the system, as demonstrated below:
Without Correct Credentials
Request:
Response:

With the Obtained Credentials
Request:
Response:
Though the endpoint returned a "404 Not Found" error, the successful authentication process proved that the compromised credentials were valid and could have been used to access sensitive areas of the system had they existed.
Recommendations to Mitigate the Risk
To defend against this vulnerability, we strongly recommend the following:
1. Update OpenSSL to the latest patched version that addresses the Heartbleed Bug.
2. Rotate all sensitive credentials and certificates on the affected systems, as they may have been compromised during the exposure.
#CyberSecurity #DoS #Pentesting #VulnerabilityResearch #ServerSecurity #Infosec #SecurityTesting #PentestChronicles