SecureAuth IdP Issue with OpenSSL Heartbleed Bug
Issue
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing information protected under normal conditions by SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed Bug allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of OpenSSL software. This vulnerability compromises the secret keys used to identify the service providers and to encrypt the traffic, names and passwords of the users and actual content. In doing so, attackers can eavesdrop on communications, steal data directly from the services and users, and impersonate these services and users.
Applies to
SecureAuth IdP Version | OS Version |
---|---|
7.x+ |
|
SecureAuth Statement
SecureAuth products do not use the OpenSSL cryptographic libraries and only utilize commercially-tested SSL libraries. Thus, all SecureAuth customers of the on-premise product (SecureAuth IdP) and cloud product (SecureAuth 2FaaS) are immune to the Heartbleed Bug attack.