On April 7, 2014, a serious vulnerability in the OpenSSL cryptographic software library was exposed. This weakness, dubbed the Heartbleed Bug, allows a remote attacker to access system memory, which may contain encryption keys, user credentials or other sensitive information.
OpenSSL provides communication security and privacy over the Internet for many applications, including web, email, instant messaging (IM) and some virtual private networks (VPNs).
What is the risk?
This bug has left large amounts of sensitive data exposed to attackers. Because exploitation of the Heartbleed bug leaves no trace, everyone must take this exposure seriously.
In a worst-case scenario, leaked encryption keys allow an attacker to decrypt traffic, both current and past, to the protected services. An attacker may also impersonate the service at will.
Read the full story online: http://heartbleed.com/
If you have servers that are vulnerable to this attack, please remediate as quickly as possible following these steps:
If you cannot remediate your server and it is being used to access sensitive information, ITS may block access to the server until it can be remediated.