In article <1483A20E-66B7-4ECC-8C14-34DE4B24BA33@xxxxxxxxx>,
Markus Falb <wnefal@xxxxxxxxx> wrote:
>
> > No vulnerability on the
> > server can expose a private client certificate, only a vulnerability on
> > the client can.
>
> With malicious server I did not meant one that was affected
> by heartbleed but a server which is run by bad people that want to exploit
> vulnerable clients.
>
> If it's easy to write a malicious client to read the server's ram, it's maybe easy to
> write a malicious server that can read the client's ram? Does heartbleed work
> in both directions?
>
> Assume that the client uses a vulnerable openssl, and it connects to a malicious
> server, can the server read the ram of the client?
https://reverseheartbleed.com/
Cheers
Tony
--
Tony Mountifield
Work: tony@xxxxxxxxxxxxx - http://www.softins.co.uk
Play: tony@xxxxxxxxxxxxxxx - http://tony.mountifield.org
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
