CionSystems Products Are Not Vulnerable to The Heartbleed Bug

April 16, 2014
By admin

CionSystems products are not vulnerable to the Heartbleed bug:

General Information

The “Heartbleed Bug” is a security flaw in OpenSSL’s TLS implementation. SSL/TLS provides secure transmission of private information. The bug is a memory leak that can be exploited and can potentially lead to the exposure of server keys. This can result in the disclosure of private computer memory and private information. It is indeed a very serious vulnerability.

How to diagnose if your systems are vulnerable:

To determine if your systems are vulnerable to the Heartbleed bug, see http://www.kb.cert.org/vuls/id/720951

How to fix systems that are vulnerable to Heartbleed *and* the potential loss of private keys:

If you find any of your systems vulnerable to the Heartbleed bug, the steps typically involved in fixing a system include:

  1. Patching vulnerable systems with OpenSSL 1.0.1g
  2. Generating new private keys
  3. Submitting a new CSR to your CA
  4. Obtaining and installing the new signed certificate
  5. Revoking old certificates

Exercise caution when revoking certificates as some systems may become inaccessible.
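
Steps 1 to 3 as shell helpers, added here as an illustration and not CionSystems code: a version check, key and CSR generation, and a guard that the new CSR does not reuse the old certificate's key. The affected version range comes from the OpenSSL advisory rather than this page; the file names, the 2048-bit RSA key size and the subject string are placeholder assumptions.

```shell
#!/bin/sh
# Added example (not CionSystems code). File names, key size and subject
# are placeholder assumptions.

# Step 1: is this OpenSSL version string in the affected range?
# 1.0.1 through 1.0.1f and 1.0.2-beta/-beta1 are affected; 1.0.1g is fixed.
# Distributions may backport the fix without changing the letter, so a hit
# here means "check the vendor advisory", not proof of exposure.
# usage: heartbleed_affected "$(openssl version | awk '{print $2}')"
heartbleed_affected() {
    case "$1" in
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Steps 2 and 3: a brand-new private key plus a CSR to send to the CA.
# usage: new_key_and_csr KEY_OUT CSR_OUT SUBJECT
new_key_and_csr() {
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null ) &&
    openssl req -new -key "$1" -subj "$3" -out "$2"
}

# SHA-256 over the PEM public key of a certificate (x509) or a CSR (req).
# Fails if the file cannot be parsed, so two broken inputs never "match".
pubkey_fp() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Guard before step 3: returns 0 if the CSR carries the same key as the old
# certificate. Reissuing on the old key keeps a possibly leaked key in use.
# usage: key_reused OLD_CERT NEW_CSR   (returns 2 if either file is unreadable)
key_reused() {
    old_fp=$(pubkey_fp x509 "$1") || return 2
    new_fp=$(pubkey_fp req "$2") || return 2
    [ "$old_fp" = "$new_fp" ]
}
```
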
