SecureAuth IdP Issue with OpenSSL Heartbleed Bug

Issue

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information that, under normal conditions, is protected by the SSL/TLS encryption used to secure the Internet.

SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed Bug allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. With this information, attackers can eavesdrop on communications, steal data directly from the services and users, and impersonate these services and users.

Applies to

SecureAuth IdP Version: 7.x+

OS Version:

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

SecureAuth Statement

SecureAuth products do not use the OpenSSL cryptographic libraries and only utilize commercially tested SSL libraries. Thus, all SecureAuth customers of the on-premises product (SecureAuth IdP) and cloud product (SecureAuth 2FaaS) are immune to the Heartbleed Bug attack.