This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.


Heartbleed | server vulnerable = client cert exposed?


blitz-krieg

Hi,


Quick question about the Heartbleed bug:


If you had Murmur (server) running with a vulnerable version of OpenSSL, could the connecting clients (running with a non-vulnerable version of OpenSSL) have had their certificate revealed to any potential attacker?


http://blog.mumble.info/wp-uploads/2014/04/heartbleed.png


Any reply would be greatly appreciated.


/blitz-krieg


We ourselves never distributed vulnerable versions.

If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so.

 

Thanks for answering.


Yeah, I know, I read the message in your blog.

I used the package available in Debian stable (wheezy), which, if I'm not mistaken, used a vulnerable version of OpenSSL.


Time for some certificate revocation, I guess.


/blitz-krieg
