The Results of the CloudFlare Challenge

On April 11, 2014, a Heartbleed Challenge was announced where participants were tasked with stealing a private key from an nginx server using a vulnerable version of OpenSSL. Two individuals independently succeeded in retrieving the private keys using the Heartbleed exploit. The first valid submission came at 16:22:01PST by Software Engineer Fedor Indutny, who sent around 2.5 million requests. The second was submitted at 17:12:19PST by Ilkka Mattila from NCSC-FI, who sent approximately a hundred thousand requests. Two more winners were later confirmed: Rubin Xu and Ben Murphy. All participants used only the Heartbleed exploit to obtain the private key. The challenge highlights the power of collaboration and emphasizes the potential danger posed by this vulnerability.