Heartbleed Bug: Flaw in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta1

On April 7, 2014, the Heartbleed bug was revealed to the Internet community. The Heartbleed bug is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. The Heartbleed Bug allows an attacker to gain access to sensitive information that is normally protected by the SSL and TLS protocols without leaving a trace.

This only affects you if you are running OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta1, or if you are running software that is using affected versions of the OpenSSL library.

The steps to secure your environment against the Heartbleed Bug vulnerability must be done in the following order. For example, you must not do step six (reset passwords) before you have completed steps 1 – 5, or else your reset passwords may still be exposed.