Posted on Leave a comment

OpenSSL Heartbleed vulnerability issue

As a follow-up of the Heartbleed vulnerability issue, we have reviewed all Koffeeware services for impact for the issue described in CVE-2014-0160.

A short explanation of the Heartbleed issue

For over two years, the Internet’s most popular implementation of the Transport Layer Security (TLS) protocol has contained a critical defect that allowed attackers to pluck account passwords, authentication cookies, and other sensitive data out of the private server memory of websites. Koffeeware sites were among the millions of web sites using the OpenSSL library, and thus affected by this vulnerability.

Required security updates have been installed tuesday morning and Koffeeware services are no longer vulnerable. This said, as an added precaution, we recommend to change account passwords. If not already done, it is a good time to switch to more complex passwords. As always, security-conscious users should consider using unique, randomly generated passwords at least nine characters long that contain upper- and lower-case letters, numbers, and symbols.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.