nerdexam
EC-Council

312-50V13 · Question #73

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transp

The correct answer is B. Private. The Heartbleed bug (CVE-2014-0160) was a critical vulnerability in the OpenSSL library's implementation of the TLS Heartbeat extension, which allowed attackers to read sensitive data from the server's memory. This memory exposure could include the server's private key, which is e

Submitted by paula_co· Mar 6, 2026Cryptography

Question

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options

  • APublic
  • BPrivate
  • CShared
  • DRoot

How the community answered

(47 responses)
  • A
    4% (2)
  • B
    91% (43)
  • C
    2% (1)
  • D
    2% (1)

Why each option

The Heartbleed bug (CVE-2014-0160) was a critical vulnerability in the OpenSSL library's implementation of the TLS Heartbeat extension, which allowed attackers to read sensitive data from the server's memory. This memory exposure could include the server's private key, which is essential for establishing secure TLS connections and decrypting traffic.

APublic

Public keys are, by design, intended to be openly shared and are not considered sensitive information if exposed. The compromise associated with Heartbleed was the exposure of data that should have remained secret.

BPrivateCorrect

The Heartbleed bug exploited a flaw in the OpenSSL library's TLS Heartbeat extension, allowing an attacker to request an arbitrary amount of data from the server's memory. This memory could contain highly sensitive information, most notably the server's private key, which, if compromised, would allow an attacker to decrypt past and future TLS communications and impersonate the server.

CShared

While shared keys (symmetric session keys) could potentially be exposed if present in the compromised memory, the critical impact of Heartbleed was the compromise of the long-term server *private key*, which could then be used to derive or decrypt session keys.

DRoot

Root keys belong to Certificate Authorities (CAs) and are used to sign certificates. While a server might have a copy of a root certificate, the Heartbleed bug primarily exposed the server's *private key*, which is distinct from a CA's root key.

Concept tested: Heartbleed vulnerability (CVE-2014-0160)

Source: https://www.cisco.com/c/en/us/products/security/heartbleed-bug.html

Topics

#Heartbleed#OpenSSL vulnerability#private key#TLS/SSL#cryptographic attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice