Security researchers have discovered a vulnerability in certain versions of the very popular OpenSSL application that can lead to the loss of critical sensitive information. The vulnerability is called Heartbleed because if affects the TLS heartbeat function in secure, connections. Because OpenSSL is used by so many web applications, and because this vulnerability can be exploited, the severity is very high.
Townsend Security does not use the affected version of OpenSSL for TLS session security in any of its products, and is not affected by the Heartbleed vulnerability.
For more information about the Heartbleed security vulnerability and what you can do, please visit the following site:
While Townsend Security applications are not subject to this vulnerability, it is very important that you address other applications that are vulnerable. The loss of sensitive information in one application can lead to the compromise of an otherwise unaffected application. For example, the loss of passwords in one application can lead to the compromise of another application if the same password is used. And personally identifiable information lost from one application can be used for fraudulent impersonation in another application or web service.
Patrick
