WASHINGTON — The Obama administration denied Friday that the National Security Agency or other parts of the federal government had known about the Heartbleed security vulnerability that has created widespread fears that passwords and other sensitive information belonging to millions of Internet users may have been revealed over the past two years.

The White House was responding to a report by Bloomberg News citing two unidentified sources who said that the N.S.A. had known about the flaw and “regularly used it to gather critical intelligence.” Outside experts expressed strong doubts about the report, noting that the information that could be gleaned from the Heartbleed bug was somewhat random, meaning it probably would be a clumsy intelligence tool.

The suspicions about the N.S.A. were fueled by the fact that the agency regularly seeks out similar security flaws, and turns some of them into cyberweapons. But Caitlin Hayden, the spokeswoman for the National Security Council, said in a statement: “Reports that N.S.A. or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The federal government was not aware of the recently identified vulnerability in OpenSSL” — the freely available encryption methodology — “until it was made public in a private sector cybersecurity report.”

The vulnerability was discovered by Finnish researchers and a researcher at Google. But, so far, there is no evidence that anyone used it to hack into personal or secret data.