Search the Community
Showing results for tags 'openssl'.
Secunia Research classifies vulnerabilities by rating the severity of vulnerabilities from 1: "not critical" to 5: "extremely critical." Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, "extremely critical." But it was not, as vulnerabilities go. That rating we use for "remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild." The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: "moderately critical", which is typically used for "remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction." It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements. View the full article