OpenSSL Security Vulnerability: Heartbleed

Late yesterday, a vulnerability in the OpenSSL libraries, CVE-2014-0160, was announced. The OpenSSL libraries are used to provide the secured or encrypted connections for web stores like Amazon or EBay, banks, and other sites like Google, Facebook, and Twitter. This vulnerability would allow attackers to learn the private keys used to encrypt and decrypt the secured information.

Several of our servers were affected by this vulnerability, including our Linux Fusion platform and Connect webmail interface. We have updated all vulnerable services but strongly recommend that all customers with SSL enabled sites get the SSL certificates revoked and re-issued. Some customers may see warnings when connecting to SSH/SFTP for the Linux Fusion platform as we have also re-generated the keys for SSH/SFTP. If you have any questions or concerns please contact support at 800-982-4539 or by email at [email protected]

For more information on the vulnerability please visit:  http://heartbleed.com/ or http://www.kb.cert.org/vuls/id/720951

Recommended Posts