The OpenSSL vulnerability announced on April 7, 2014, also referred to as the Heartbleed bug (CVE-2014-0160), gives hackers the opportunity to obtain the encryption keys used to secure content that is transmitted over SSL/TLS sessions.
How does this affect you as Biscom customers? For the most part, you are not affected.
- The Biscom SFT VM appliance is NOT affected.
- SFT which runs a Windows web server (IIS) is NOT affected.
- FAXCOM Anywhere fax hosting service is NOT affected.
- You may be affected if you upgraded to OpenSSL version 1.0.1 to 1.0.1f. Check with your IT administrators if you think you may have upgraded OpenSSL.
You can test your installation by going to this site and entering the URL of your SFT server:
Status of different OpenSSL versions:
- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
More information can be found here:
Please feel free to contact Biscom support if you have questions or concerns.