OpenSSL Heartbleed Vulnerability

OpenSSL (Secure Sockets Layer) is an open-source technology used by many websites to secure Internet communications via encryption.

A vulnerability, Heartbleed, has been discovered in OpenSSL that could allow the exposure of sensitive information, including passwords, financial data and other records.


Heartbleed Explained


Organizations: What should you do?


Take the following steps immediately:

  • Patch all vulnerable OpenSSL systems.

  • Revoke and reissue certificates that use OpenSSL/TLS.

  • Force user password changes for all impacted accounts.

  • Be alert for phishing scams. CIS received reports of phishing campaigns related to this vulnerability, attempting to lure victims to credential-stealing sites. If you need to change your password, type the URL of the organization in a browser and do not click on links in emails that ask you to reset your passwords.

Home Users: What should you do?

  • Qualys SSL Labs Heartbleed test site (https://www.ssllabs.com/ssltest/): provides analysis of the configuration of any SSL web server on the public Internet.

  • Change passwords for all online accounts and e-mail, giving first priority to critical accounts.

  • Be alert for phishing scams. CIS received reports of phishing campaigns related to this vulnerability, attempting to lure victims to credential-stealing sites. If you need to change your password, type the URL of the organization in a browser and do not click on links in emails that ask you to reset your passwords.

CIS Heartbleed Vulnerability Advisory

Provides additional information, including technical details