Sogou passport server: sensitive information disclosure caused by improper server operations and maintenance
The OpenSSL Heartbleed vulnerability was disclosed recently, and by this evening detailed write-ups and tools for exploiting it had already appeared. A detailed analysis can be found in the articles below:
The original English article
The Chinese translation
Script used:
The specific risk is that a 64 KB chunk of the server's memory can be read; the actual impact depends on the business scenario.
Here, cookie contents can be read from the Sogou passport server, so the issue is still very serious.
python openssl.py account.sogou.com
1. Only OpenSSL versions 1.0.1 through 1.0.1f and the OpenSSL 1.0.2 beta versions are affected. Other versions are not affected and do not need to be repaired.
2. Version 1.0.1g fixes the vulnerability. If the OpenSSL version on your server is vulnerable, upgrade to this version.
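A check for the version ranges listed above, as an added example that is not part of the original report. It classifies the output of `openssl version -a` using the ranges this page states. The function name, the return labels and the sample strings are assumptions constructed for illustration.

```python
import re

# Ranges as stated on this page: 1.0.1 through 1.0.1f and the 1.0.2 betas are
# affected; 1.0.1g is fixed; every other version is treated as not affected.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?")


def classify_openssl(version_output):
    """Classify `openssl version -a` output (or a bare version string).

    Returns "affected", "not affected", "heartbeat disabled" or "unknown".
    """
    m = _VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)

    in_range = False
    if release == (1, 0, 1):
        # No letter is plain 1.0.1; letters a..f are affected, g and later fixed.
        in_range = letter == "" or letter <= "f"
    elif release == (1, 0, 2):
        in_range = beta is not None and letter == ""
    if not in_range:
        return "not affected"
    # A build compiled without heartbeat support lists this flag on the
    # "compiler:" line of `openssl version -a`.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat disabled"
    # Distribution packages can carry a backported fix under an unchanged
    # version string, so "affected" here means: confirm against the package
    # changelog, then upgrade.
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings, not output captured from any real host.
    for sample in ("OpenSSL 1.0.1f 6 Jan 2014",
                   "OpenSSL 1.0.1g 7 Apr 2014",
                   "OpenSSL 1.0.2-beta1 24 Feb 2014",
                   "OpenSSL 1.0.0l 6 Jan 2014"):
        print(f"{sample!r}: {classify_openssl(sample)}")
```

After upgrading, restart every service that links against OpenSSL so the running processes load the fixed library.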