Mumble forums

Heartbleed | server vulnerable = client cert exposed?


blitz-krieg

Hi,

Quick question about the Heartbleed bug:

If you had Murmur (server) running with a vulnerable version of OpenSSL, could the connecting clients (running with a non-vulnerable version of OpenSSL) have had their certificate revealed to any potential attacker?


http://blog.mumble.info/wp-uploads/2014/04/heartbleed.png


Any reply would be greatly appreciated.


/blitz-krieg


We ourselves never distributed vulnerable versions.

If you built against a vulnerable version of OpenSSL or use a distro that did so, yes, I guess so.

 

Thanks for answering.

Yeah, I know, I read the message in your blog.

I used the package available in Debian stable (wheezy), which, if I'm not mistaken, used a vulnerable version of OpenSSL.

Time for some certificate revocation, I guess.


/blitz-krieg
