ADAM and the Heartbleed bug

OVERVIEW


This article is intended to inform you of the impact of the Heartbleed bug on the ADAM application.

Heartbleed is a software bug in the open-source cryptography library OpenSSL that allows an attacker to read the memory of a server or a client and retrieve, for example, a server's SSL private keys. Examinations of audit logs appear to show that some attackers may have exploited the flaw for at least five months before it was rediscovered and published (Wikipedia).


ADAM does not use the OpenSSL library in its codebase and thus is not directly impacted by this bug.


However, customers are advised to re-evaluate their ADAM infrastructure, as ADAM might be using underlying network hardware and software, including but not limited to firewalls, routers, switches, reverse proxies and FTP servers, that are vulnerable.

REFERENCES



http://heartbleed.com/
http://www.kb.cert.org/vuls/id/720951
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

 


1 comment

  • Peter Scoins

    In relation to this vulnerability, default configurations of Windows do not include OpenSSL and are not impacted by this vulnerability. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the vulnerability. If you are using FileZilla Server as your FTP server, please ensure you upgrade it to at least version 0.9.44. FileZilla Client does not use OpenSSL, hence there is no fix needed for the client version (the client uses GnuTLS).