NewsBot

Was Heartbleed really that critical? Here’s why it wreaked havoc across the IT community


Secunia Research rates the severity of vulnerabilities on a scale from 1: "not critical" to 5: "extremely critical."
Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, "extremely critical."
But it was not, as vulnerabilities go. We use that rating for "remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild."

The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: "moderately critical", which is typically used for "remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction."
It gets this rating because it enables remote information retrieval without requiring any user interaction or authentication.

 

View the full article
