
Heartbleed | server vulnerable = client cert exposed?


blitz-krieg

hi


quick question about the heartbleed bug


if you had murmur (server) running with a vulnerable version of openssl, could the connecting clients (running with a non-vulnerable version of openssl) have had their certificate revealed to any potential attacker?


http://blog.mumble.info/wp-uploads/2014/04/heartbleed.png


any reply would be greatly appreciated


/blitz-krieg


We ourselves never distributed vulnerable versions.

If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so.

 

thanks for answering


yeah i know, i read the message in your blog

i used the package available in debian stable (wheezy) which, if i'm not mistaken, used a vulnerable version of openssl.


time for some certificate revocation i guess


/blitz-krieg
