Vulnerable to Heartbleed Bug :(

saint:
I've updated the OpenSSL. 

I didn't realize anyone was using https to access the forum though. Are folks?

CthulhuLuke, 404 - still seeing vulnerabilities?

wp34:

--- Quote from: saint on April 11, 2014, 08:13:15 am ---I've updated the OpenSSL. 

I didn't realize anyone was using https to access the forum though. Are folks?

CthulhuLuke, 404 - still seeing vulnerabilities?

--- End quote ---

I assumed that the login page was https but it is not.  Is it an option to require SSL for the login page?

404:

--- Quote from: saint on April 11, 2014, 08:13:15 am ---I've updated the OpenSSL. 

I didn't realize anyone was using https to access the forum though. Are folks?

CthulhuLuke, 404 - still seeing vulnerabilities?

--- End quote ---

Still reports as vulnerable, but this time around I couldn't dump cookies.

saint:
Thank you - what tool are you using to assess the vulnerability?

404:
^^ heartbleeder
https://github.com/titanous/heartbleeder

Although I think the biggest issue here is that your cert was signed over 2 years ago. I'd try to get a new cert (your host should be more than accommodating during this situation).

Best method to patch this up is to tweak settings and then just use some of the more common online testers to check your settings as you go along.

http://filippo.io/Heartbleed/
https://lastpass.com/heartbleed/

If you happen to have a cert by GeoTrust, they have created a quick form that allows you to get a new cert very fast:
https://products.geotrust.com/orders/orderinformation/authentication.do
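
The certificate-age point in the post above can be checked from the server's own certificate. The following is an added example, not part of the thread and not code from any poster or tool named in it: it flags a certificate whose `notBefore` date is earlier than the day the server was patched. The function names, the midnight-UTC cutoff and the two sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Day saint reports updating OpenSSL in this thread; midnight UTC is an assumption.
PATCHED_AT = datetime(2014, 4, 11, tzinfo=timezone.utc)


def issued_at(cert):
    """Return notBefore of a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    secs = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(secs, tz=timezone.utc)


def needs_reissue(cert, patched_at=PATCHED_AT):
    """True if the certificate was issued before the server was patched,
    i.e. its private key was in use while the server was still vulnerable."""
    return issued_at(cert) < patched_at


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate a live server presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(name, cert):
    """One-line verdict for a certificate."""
    verdict = "REISSUE with a new key" if needs_reissue(cert) else "issued after patch"
    return f"{name}: notBefore={issued_at(cert):%Y-%m-%d} -> {verdict}"


# Constructed sample certificates (only the field this check reads).
OLD_CERT = {"notBefore": "Mar  1 00:00:00 2012 GMT"}   # signed over 2 years earlier
NEW_CERT = {"notBefore": "Apr 12 09:30:00 2014 GMT"}   # reissued after the update

if __name__ == "__main__":
    print(report("old", OLD_CERT))
    print(report("new", NEW_CERT))
    # Against a live host: print(report(host, fetch_cert(host)))
```

A `notBefore` date after the patch does not show that the key pair was regenerated; a certificate reissued over the old key passes this check while the key remains the one that was in use before the update.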
