nerdexam
EC-Council

312-50V9 · Question #25

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transp

The correct answer is A. Private. The data obtained by a Heartbleed attack may include unencrypted exchanges between TLS parties likely to be confidential, including any form post data in users' requests. Moreover, the confidential data exposed could include authentication secrets such as session cookies and pass

Cryptography

Question

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Options

  • APrivate
  • BPublic
  • CShared
  • DRoot

How the community answered

(25 responses)
  • A
    92% (23)
  • B
    4% (1)
  • C
    4% (1)

Explanation

The data obtained by a Heartbleed attack may include unencrypted exchanges between TLS parties likely to be confidential, including any form post data in users' requests. Moreover, the confidential data exposed could include authentication secrets such as session cookies and passwords, which might allow attackers to impersonate a user of the service. An attack may also reveal private keys of compromised parties. https://en.wikipedia.org/wiki/Heartbleed

Topics

#Heartbleed#OpenSSL#private key exposure#TLS vulnerability

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice