The Heartbleed OpenSSL bug (CVE-20-14-0160) caught everybody by surprise last week, and the scope and impact of the issue can't be overstated. Mitigating the impact of Heartbleed is a daunting process since it has been in the wild since March 2012 and because attacks that use it leave no footprints.
Last week Qualys created detection capabilities for Heartbleed within 24 hours of its discovery. Today we have released a new Heartbleed reporting capability within the QualysGuard Certificates Dashboard so that organizations can move efficiently through the patching and certificate cleanup process. Within the Certificates Dashboard, a specific “Heartbleed” selection has been added to the Filters menu that outputs the details of any certificates associated with assets that either have a current HeartBleed detection or had a HeartBleed detection and their certificate issue date lies before the fix date. In addition the administrator can search for certificates that were issued any time before the systems were patched, which constitute the “at risk” population of certificates that should be revoked and replaced.
Our ability to deliver detection and reporting to our entire QualysGuard customer so quickly after the discovery of Heartbleed demonstrates the flexibility of our cloud-based platform. We will continue to iterate and improve our capabilities to make the recovery from Heartbleed as painless as possible for our customers.
Heartbleed Remediation Reporting Step-by-Step
- Navigate to the Assets section of QualysGuard.
- Select the Certificates tab, click the Filters dropdown and choose Heartbleed to see all affected hosts.
- After you have patched some or all of the affected hosts, click Search and select Fixed to list only remediated hosts that can be issued new certificates.
- Search for all certificates issued before the patch date to identify certificates that may need to be replaced (in this example 14 April 2014).
- To share with others, export the data in the format of your choice.