New Heartbleed Exploit: Bypass Multifactor Authentication to Hijack VPN Sessions

Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Attackers were able to breach a walled-off virtual private network by exploiting the Heartbleed vulnerability, security company Mandiant said on Friday.

The breach is one of the earliest instances of attackers using Heartbleed to bypass multifactor authentication and break through a VPN, said Mandiant Technical Director Christopher Glyer. It's not clear from the report if data was stolen from the affected organization.

The Heartbleed vulnerability was accidentally introduced several years ago to OpenSSL, the encryption platform used by more than two-thirds of the Internet, but it wasn't discovered till the beginning of this past April. Since then, Internet firms large and small have been scrambling to patch their OpenSSL implementations.​

Read more:
http://www.cnet.com/uk/news/heartbleed-attack-used-to-skip-past-multifactor-authentication/
http://www.tomsguide.com/us/heartbleed-exploit-vpn,news-18661.html
https://www.mandiant.com/blog/attac...y-circumvent-multifactor-authentication-vpns/
Heartbleed ITW
http://blog.sucuri.net/2014/04/heartbleed-in-the-wild.html
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top