Vulnerabilities

SSL/TLS Certificate is Vulnerable to Heartbleed

Risk Level

Informational (4)

Platform(s)

Description

Ensure that none of the server certificates managed by AWS IAM were compromised by the Heartbleed bug, meaning that none of the SSL/TLS certificates were uploaded before April 1st 2014, when the security bug was publicly disclosed. Heartbleed is a critical bug in the OpenSSL library that allows attackers to eavesdrop on SSL/TLS encrypted communications, steal sensitive or confidential data from services and users and be able to impersonate services and users
  • Recommended Mitigation

    Replace the certificate {AwsCertificate} immediately with one issued after April 1st 2014