Heartbleed Vulnerability

malick(Posted 2014) [#1]
A browser plugin I'm using indicates that this site is vulnerable. Might want to fix that.


silentshark(Posted 2014) [#2]
Interesting. Wasn't aware that the site was SSL'd in any way.


Sammy(Posted 2014) [#3]
Maybe it would be prudent to drop BRL a line, via the Contact link at the top of the page?


Goodlookinguy(Posted 2014) [#4]
The site isn't using SSL. Please don't go around trying to tell websites that they have the vulnerability if you don't even understand it.


malick(Posted 2014) [#5]
I do understand it. If you go to https://monkey-x.com you'll see that there is an active SSL listener running even if it isn't being used to serve up the content you're looking at. That listener is vulnerable. A bad guy can run the exploit against that.


Goodlookinguy(Posted 2014) [#6]
No, as far as I know the exploit can only return memory that is stored within the bounds of the service OpenSSL. If you try to grab memory outside of that it should produce a segfault.


malick(Posted 2014) [#7]
You're not thinking like a bad guy. How does BRL manage the server? Through an SSL-encrypted service. cPanel to be exact. How do I know that? The error message on the SSL listener gives it away. So while the logins and stuff on this forum might not be exposed in memory, the login that BRL uses to manage the server may be. If you can get into their cPanel login, you can use cPanel to upload files, download files, modify stuff, create your own admin account, mess with DNS records, etc. And if they happened to be interested in this forum, they could just use cPanel to download a copy of the table where the password hashes are stored. Or modify the login code to store a copy of the password elsewhere without hashing it.
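
The question in posts #6 and #7 of what memory a heartbeat reply can contain comes down to one length check. The following is an added example, not part of the thread and not OpenSSL's code: a heartbeat handler that refuses any request whose length field exceeds the bytes actually received, using the message layout from RFC 6520. The function names and sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE     2   /* heartbeat_response message type */
#define HB_HEADER_LEN   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16   /* RFC 6520: at least 16 bytes of padding */

/* Constructed samples: an honest 4-byte payload, and a 19-byte record
 * whose length field claims 0x4000 bytes of payload. */
static const uint8_t hb_ok[23]  = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t hb_bad[19] = { HB_REQUEST, 0x40, 0x00 };

/* Return the payload length a reply may echo, or -1 if the record must be
 * dropped. The claimed length is used only once it fits inside rec_len. */
long hb_checked_payload_len(const uint8_t *rec, size_t rec_len)
{
    if (!rec || rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return -1;                      /* malformed or not a request */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;                      /* length field exceeds the record */
    return (long)claimed;
}

/* Build the reply into out; returns its length, or 0 if nothing is sent. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    long n = hb_checked_payload_len(rec, rec_len);
    if (n < 0)
        return 0;
    size_t total = HB_HEADER_LEN + (size_t)n + HB_MIN_PADDING;
    if (!out || total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, (size_t)n);
    memset(out + HB_HEADER_LEN + n, 0, HB_MIN_PADDING); /* real stacks pad randomly */
    return total;
}

int main(void)
{
    uint8_t out[64];
    printf("honest request: reply of %zu bytes\n", hb_build_response(hb_ok, sizeof hb_ok, out, sizeof out));
    printf("oversized claim: reply of %zu bytes\n", hb_build_response(hb_bad, sizeof hb_bad, out, sizeof out));
    return 0;
}
```

Without the second check in `hb_checked_payload_len`, the `memcpy` would read past the received record into whatever the process had next to it in memory.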