
How big is the impact of the OpenSSL vulnerability on the web?

Mathijs Baas
  • over 1 year ago

On 15 March, OpenSSL announced that versions 1.0.2, 1.1.1, 3.0.0 and 3.0.1 contain a high-severity vulnerability. The vulnerability, tracked as CVE-2022-0778, makes it possible to launch denial-of-service attacks against clients and TLS servers. According to our data, 1,607,496 domains currently use OpenSSL.

OpenSSL is an open-source toolkit for general-purpose cryptography. It’s one of the most widely used software packages for encrypting web traffic, and it is also used in numerous applications. In 2012, OpenSSL suffered from a bug called “Heartbleed”, which showed how significant vulnerabilities in OpenSSL can be. With Heartbleed, a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.

While CVE-2022-0778 doesn’t allow tampering with sensitive data, could its impact be as significant as Heartbleed’s? Luckily, only 0.4% of the domains that have this version information publicly available run the vulnerable versions. The graph below shows how the vulnerable OpenSSL versions are distributed relative to one another.

[Graph: distribution of vulnerable OpenSSL versions]
