login about faq

What is the Heartbleed vulnerability and are products from SSH Communications Security affected by it?

asked Apr 10 '14 at 15:02

SSH%20KB's gravatar image

SSH KB ♦
509250247238

edited Apr 10 '14 at 17:41


What is the “HeartBleed” vulnerability?

The vulnerability (CVE-2014-0160) exploits a bug in OpenSSL’s implementation of TLS/DTLS heartbeat extension. It allows an attacker to read portions of system memory of affected systems including encryption keys, user names and passwords without using any privileged information or credentials.

More information at http://heartbleed.com.

What exactly is affected?

The vulnerability affects versions 1.0.1 and 1.0.2-beta of OpenSSL.

Are SSH Communications Security products affected?

SSH protocol/applications are not affected in general, for example OpenSSH is not affected.
None of SSH Communications Security products are directly affected and none of our products will need security fixes or maintenance releases.

Tectia SSH Client/Server/Connectsecure/MFT Events/z/OS are not affected.
Tectia Manager is not affected
CryptoAuditor is not affected
MobileID is not affected

Universal SSH Key Manager is indirectly affected
Since Universal SSH Key Manager uses the OpenSSL library that is provided by the operating system it is affected on those systems which use vulnerable versions of the library. SuSE Linux is not affected as it uses an older version (0.9.x) of OpenSSL which is not vulnerable.
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.4 and earlier are not affected.
Red Hat Enterprise Linux 6.5 IS affected

Customers using Universal SSH Key Manager have been informed individually

link

answered Apr 10 '14 at 17:42

SSH%20KB's gravatar image

SSH KB ♦
509250247238

edited Apr 14 '14 at 14:54

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×2

Asked: Apr 10 '14 at 15:02

Seen: 5,530 times

Last updated: Apr 14 '14 at 14:54

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.