One 、 Vulnerability profile

2014 year 4 month 7 Japan ,OpenSSL Issue safety bulletins , stay OpenSSL1.0.1 Version to OpenSSL1.0.1f Beta1 There is a vulnerability in the version , The Chinese name of the vulnerability is heart blood drop , English name is HeartBleed. among Heart This means that the vulnerability lies on the heartbeat protocol ,Bleed Because this vulnerability will cause data leakage . namely HeartBleed Is a data leak vulnerability in the heartbeat protocol ,OpenSSL The heartbeat protocol is used in the library .HeartBleed It mainly exists in OpenSSL Of 1.0.1 Version to 1.0.1f edition .

Heartbleed Loopholes allow Internet Anyone on the read by OpenSSL System memory protected by vulnerable versions of software . This undermines the ability to identify service providers and encrypt traffic 、 User name and password as well as the key of the actual content . This allows attackers to eavesdrop on communications , Steal data directly from services and users , And pretend to be a service and a user .SSL/TLS by Web、 E-mail 、 Instant messaging (IM) And some virtual private networks (VPN) And other applications Internet Communication security and privacy on .

Reference link ：

    https://heartbleed.com/

    https://filippo.io/Heartbleed

Two 、 scope