Jump to content

Was Heartbleed really that critical? Here’s why it wreaked havoc across the IT community


Recommended Posts

Secunia Research classifies vulnerabilities by rating the severity of vulnerabilities from 1: "not critical" to 5: "extremely critical."
Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, "extremely critical."
But it was not, as vulnerabilities go. That rating we use for "remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild."

The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: "moderately critical", which is typically used for "remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction."
It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements.

 

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...