[h=1]OpenSSL[/h][h=2]Urgent Action Required[/h]There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker.
A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!
It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys as this vulnerability has apparently been known for a couple years now.
Vulnerability Explained:
http://heartbleed.com
Test If You Are Vulnerable:
Test your server for Heartbleed (CVE-2014-0160)
Ongoing Discussion at WHT:
CVE-2014-0160 - The Heartbleed Bug (openssl) - Vulnerabilities - Web Hosting Talk
A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!
It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys as this vulnerability has apparently been known for a couple years now.
Vulnerability Explained:
http://heartbleed.com
Test If You Are Vulnerable:
Test your server for Heartbleed (CVE-2014-0160)
Ongoing Discussion at WHT:
CVE-2014-0160 - The Heartbleed Bug (openssl) - Vulnerabilities - Web Hosting Talk
