Scroll Top

OpenSSL Vulnerability

April 9, 2014

Urgent Action Required

There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker.

A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!

It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys as this vulnerability has apparently been known for a couple years now.

Vulnerability Explained:
http://heartbleed.com

Test If You Are Vulnerable:
http://filippo.io/Heartbleed

Ongoing Discussion at WHT:
http://www.webhostingtalk.com/showthread.php?t=1364373

Related Posts

SSL v3 Security Vulnerability Update

Google has released more pertinent information regarding the SSL v3 vulnerability as a pdf document linked to below: https://www.openssl.org/~bodo/ssl-poodle.pdf Please pay close attention to the recommendations and implement as necessary.

15 Oct 2014
OpenSSL heartbleed vulnerability update

For those of you using OpenSSL 1.0.1 (most recent Unix systems), it is critical that you patch the openssl library, as well as binaries compiled statically with openssl, as soon as possible.

12 Apr 2014
SSL v3 Rumoured Vulnerability

According to The Register, a serious vulnerability in SSL v3 will be disclosed tomorrow on October 15th. Some people are recommending disabling SSL v3 in various daemons until further notice. We will update our blog once the vulnerability is released tomorrow. We urge everyone to stay alert and be…

14 Oct 2014
OpenSSL announce versions 1.0.2d and 1.0.1p

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

08 Jul 2015
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy