On April 7, 2014, the Heartbleed bug was revealed to the Internet community. Heartbleed is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. The bug allows an attacker to gain access, without leaving a trace, to sensitive information that is normally protected by the SSL and TLS protocols.
The steps to secure your environment against the Heartbleed bug must be performed in the following order. For example, you must not do step 6 (reset passwords) before you have completed steps 1–5; otherwise, your newly reset passwords may still be exposed.