The vulnerability allows an attacker to gain access to 64 KB of the server's RAM and to repeat the attack over and over again until the data is completely lost. This means that not only logins and passwords are subject to leakage, but also cookie data, which web servers and sites use to track user actions and simplify authorization. Repeated attacks can also expose more serious information, such as the site's private encryption keys used to encrypt traffic. Using such a key, an attacker can impersonate the original site and steal a variety of personal data, such as credit card numbers or private correspondence. Although the patch for Heartbleed was released on April 7, 2014, last year experts counted 200,000 servers that had not received it.
The Shellshock vulnerability (CVE-2014-6271) has been present in the Bash command shell, which is installed by default on Linux and Mac OS X, for over two decades. The prevalence of Bash is the main reason why Shellshock is so dangerous. The main danger is the ability to arbitrarily set environment variables that define functions inside the Bash interpreter. The problem arises when Bash continues to process interpreter commands after the function is defined, which allows for a code injection attack.
Gaining access to the interpreter has always been a big win for an attacker, because it is equivalent to gaining control over the server (with the appropriate rights). It opens up access to internal data, reconfiguration of the environment, distribution of malware, and so on. The possibilities are almost limitless and can be automated. Several years have passed since the disclosure of CVE-2014-6271, but it still worries information security experts. According to IBM X-Force researchers, it is of interest to hackers because it makes attacks as cheap as possible: basic programming skills are enough. This year, experts have counted many servers that still have not gotten rid of Shellshock.
This means that not only logins
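The Shellshock description above comes down to an environment variable whose value starts as a function definition and then carries extra text. The following audit sketch is an added example, not code from the original post: it parses a NUL-separated `NAME=value` block (the layout of `/proc/<pid>/environ` on Linux) and flags such values. The function names and the sample data are hypothetical, and the `BASH_FUNC_name%%` pattern is the naming patched Bash releases use for exported functions, which the post itself does not mention.

```python
import re

FUNC_PREFIX = re.compile(r"^\(\)\s*\{")         # value starts like "() {"
PATCHED_NAME = re.compile(r"^BASH_FUNC_.+%%$")  # export naming used by patched Bash

def parse_environ(blob: bytes):
    """Split a NUL-separated NAME=value block (the /proc/<pid>/environ layout)."""
    for raw in blob.split(b"\0"):
        name, sep, value = raw.decode("utf-8", errors="replace").partition("=")
        if sep:  # skip empty chunks and entries without '='
            yield name, value

def classify(name: str, value: str):
    """Return None for ordinary values, otherwise a verdict string."""
    if not FUNC_PREFIX.match(value):
        return None
    # Heuristic: text after the first closing brace is what an unpatched
    # Bash would keep processing once the function has been defined.
    if value.partition("}")[2].strip(" ;\t\n"):
        return "function definition with trailing commands"
    if PATCHED_NAME.match(name):
        return "exported function (patched naming)"
    return "function definition in ordinary variable"

def audit(blob: bytes):
    """Return (name, verdict) for each variable that deserves a second look."""
    findings = []
    for name, value in parse_environ(blob):
        verdict = classify(name, value)
        if verdict and not verdict.startswith("exported function"):
            findings.append((name, verdict))
    return findings

# Constructed sample, not captured from a real system.
SAMPLE = b"\0".join([
    b"PATH=/usr/bin:/bin",
    b"JS_SNIPPET=function () { return 1; }",
    b"BASH_FUNC_greet%%=() {  echo hello\n}",
    b"LEGACY_FN=() { :; }",
    b"X_TEST=() { :; }; echo constructed-marker",
]) + b"\0"

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(f"{name}: {verdict}")
```

The trailing-text check is a heuristic: a legitimate function body with nested braces would also be flagged and should be reviewed by hand.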