CNET says: “In bypassing multifactor
authentication, the attackers were able to get around one of the stricter
methods of ensuring that someone is who they say they are. Instead of just a
single password, multifactor authentication requires at least two of three
kinds of credentials: something you know, something you have, and something you
are. While much of the Internet discussion of Heartbleed has focused on
attackers taking advantage of the vulnerability to steal private encryption
keys, Glyer said the attack against the unnamed Mandiant client indicates that
session hijacking is also a risk.”
Companies
like Facebook, Google, Microsoft and others released notes saying that they
have fixed the security bug, but they urge users to change their usernames and passwords. The
vulnerability was introduced inadvertently several years ago in OpenSSL, which
is the most widely used encryption software, relied on by two thirds of the internet, but it wasn't disclosed until this year, and since then firms have been struggling to patch the flaw
in their servers. This was the biggest privacy breach in internet history, and
almost all firms were vulnerable to this threat but weren't aware of it.