Heartbleed OpenSSL vulnerability can be exploited over wireless networks, researcher says. Portugal-based consultancy Sysvalue has released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant. The attacks work on password-protected networks because the vulnerability is triggered before a user would have to authenticate, he said. Attacks have been escalating against VPN infrastructure, critical industrial control systems and web servers, researchers say. The most serious attack vectors are vulnerable wireless networks.
Source: https://threatpost.com/heartbleed-exploitable-over-enterprise-wireless-networks/106422/