[tahanteada]

Heartbleed, nimega Cupid, tegutsemas:

Cupid attack, Heartbleed Attack Vectors target Enterprise Wireless and Android Devices
A Portuguese security expert has uncovered the Cupid attack, a new Heartbleed attack vector which can impact Android devices, enterprise wireless networks and other connected devices.

Cupid is the name of the new Heartbleed attack method recently proposed by Portuguese security researcher Luis Grangeia, unlike the original version of the attack, which took place on TLS connections over TCP, it could be exploited over wireless networks and peer-to-peer connections. The Cupid attack happens on TLS connections over the Extensible Authentication Protocol (EAP), the popular authentication framework typically used in wireless networks and peer-to-peer connections, in particular the HeartBleed flaw impacted EAP methods are the ones that use TLS (EAP-PEAP, EAP-TLS and EAP-TTLS). EAP-PEAP, EAP-TTLS and EAP-TLS use a TLS tunnel over EAP to secure some part of the authentication process.

As explained by the researcher Cupid is the name he gave to two source patches that can be applied to the programs “hostapd” and “wpa_supplicant” on Linux, they attempt to exploit Heartbleed over EAP TLS tunneled protocols EAP-PEAP, EAP-TLS, EAP-TTLS and affects both clients and servers.

Edasi juba lingil:
http://securityaffairs.co/wordpress/25433/hacking/cupid-attack-heartbleed-vector.html