Description
Heartbleed attack
What is the purpose of the Heartbeat protocol based on your part 1 report?
2. Describe what the mistake is in the Heartbleed vulnerability.
3. What lesson do you learn from this vulnerability?
4. The figure shows where a malicious Heartbeat request packet is stored in the memory after it is received. The payload length field contains 0x700. Please in detailed explanation describe which credit card numbers will be stolen by the attacker.
5. Assume that the Heartbeat implementation uses the actual payload length when allocating memory for the response packet (i.e., the memory for the response packet will the same size as that for the request packet). However, during the memory copy, the claimed payload length is used. What kind of security problems does it have?
20.6. Assume that the Heartbeat implementation uses the claimed payload length when allocating memory for the response packet, but during the memory copy, the actual payload
length is used. What kind of security problems does it have?
