Main > Forum/Website Discussion
Vulnerable to Heartbleed Bug :(
saint:
That's the thing I have to puzzle out - I don't have a cert that I'm aware of :) I may have a self-signed cert, sirwoogie may have set something up, but I've never purchased a cert for the server here.
404:
--- Quote from: saint on April 11, 2014, 09:38:28 am ---That's the thing I have to puzzle out - I don't have a cert that I'm aware of :) I may have a self-signed cert, sirwoogie may have set something up, but I've never purchased a cert for the server here.
--- End quote ---
yeah, I would ask sirwoogie to get more details on the cert situation. There is definitely something there but it is definitely old. Also make sure the heartbeat extension is enabled.
CthulhuLuke:
fox_heartbleedtest.py says you are no longer vulnerable. ( http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip )
That is what I used to get bochi's cookie, you could basically set it up in a loop dumping memory and looking for cookies that contain SMF20=
Your certificate is definitely self-signed. The issuer is sirwoogie@gmail.com.
404:
--- Quote from: CthulhuLuke on April 11, 2014, 10:29:13 am ---fox_heartbleedtest.py says you are no longer vulnerable. ( http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip )
That is what I used to get bochi's cookie, you could basically set it up in a loop dumping memory and looking for cookies that contain SMF20=
Your certificate is definitely self-signed. The issuer is sirwoogie@gmail.com.
--- End quote ---
strange. when i checked earlier this morning it was showing up as still vulnerable. Now i just checked with heartbleeder and it times out. ???
PL1:
Does the wiki need to be patched, too?
Scott
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version