poc

Apr 21, 2014 2 min.

Everyone has been atwitter lately over the heartbleed bug which motivated me to look into what lesser known implementations of OpenSSL might be vulnerable. My ddwrt home router seemed like a good choice because releasing and installing updates isn’t as ubiquitous for firmware as it is for desktop software. I started by looking into the HTTP admin interface. httpd I identified the web server by browsing the source code and found that SSL was most likely performed by MatrixSSL.