What Is The Heartbleed Bug? Are Untangle Products And Services Vulnerable?
A recent OpenSSL library vulnerability, popularly named “heartbleed” was recently discovered and made public.
The OpenSSL library is the most widely used encryption library globally. A version released about two years ago contains a flaw that allows a hacker to use the TLS protocol to request large chunks of server memory.
The greatest risk was in exposing the server’s private SSL key with which it encrypted communications with the client. Any system that had the flawed library needs to be patched immediately and have it’s SSL certificate regenerated.
At this time, we can state that neither the NG Firewall nor the IC Control systems contained the flawed libraries. Legacy eSoft systems are also unaffected. No customer action is required for those product lines.
None of our public web servers were affected by the bug.