Heartbleed — OpenSSL

The OpenSSL vulnerability announced on April 7, 2014, also referred to as the Heartbleed bug (CVE-2014-0160), gives hackers the opportunity to obtain the encryption keys used to secure content that is transmitted over SSL/TLS sessions.

How does this affect you as an STR Software customer? For the most part, you are not affected.

  • The AventX product suite is NOT affected
  • FAXCOM Anywhere fax hosting service is NOT affected
  • The SFT (formerly BDS) appliance as part of AventX Mail SC is NOT affected
  • AventX Mail SC (SFT) running on a Windows (IIS) is NOT affected
  • AventX connection to EasyLink fax service is NOT affected

You can test your installation by going to this site and entering the URL of your SFT server:

http://filippo.io/Heartbleed/

Status of different OpenSSL versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

More information can be found here:

http://heartbleed.com/

Please feel free to contact us if you have questions or concerns at 1-800-804-7097 or 804-897-1600 option 3.

Interested in Learning More? Let’s Connect!

Related Articles

7
Share This