Vulnerabilities

SSL/TLS Certificate is Vulnerable to Heartbleed

Platform(s)
Compliance Frameworks

CCM-CSA, cis_8, Data Security Posture Management (DSPM) Best Practices, HITRUST, iso_27001_2022, iso_27002_2022, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, Orca Best Practices

Description

Ensure that none of the server certificates managed by AWS IAM were compromised by the Heartbleed bug, meaning that none of the SSL/TLS certificates were uploaded before April 1st 2014, when the security bug was publicly disclosed. Heartbleed is a critical bug in the OpenSSL library that allows attackers to eavesdrop on SSL/TLS encrypted communications, steal sensitive or confidential data from services and users and be able to impersonate services and users
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo