EC-Council
312-50V9 Question #335: Real Exam Question with Answer & Explanation
The correct answer is A: Heartbleed Bug. Heartbleed is a critical flaw in OpenSSL's heartbeat extension that lets attackers read server memory and steal data protected by SSL/TLS encryption.
Question
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
Options
- A. Heartbleed Bug
- B. POODLE
- C. SSL/TLS Renegotiation Vulnerability
- D. Shellshock
Explanation
Heartbleed is a critical flaw in OpenSSL's heartbeat extension that lets attackers read server memory and steal data protected by SSL/TLS encryption.
Common mistakes.
- B. POODLE (Padding Oracle On Downgraded Legacy Encryption) exploits a weakness in SSL 3.0 CBC padding to decrypt ciphertext, which is a protocol-level attack unrelated to the OpenSSL heartbeat implementation.
- C. The SSL/TLS Renegotiation Vulnerability (CVE-2009-3555) allows attackers to inject plaintext into an established encrypted session during renegotiation, which is a separate protocol flaw with no connection to OpenSSL's heartbeat extension.
- D. Shellshock (CVE-2014-6271) is a remote code execution vulnerability in the GNU Bash shell that allows arbitrary command injection via environment variables, and is not related to OpenSSL or cryptographic libraries.
Concept tested. Heartbleed OpenSSL heartbeat vulnerability identification