Vulnerability Heartbleed

Yesterday a vulnerability called Heartbleed was publicly announced in OpenSSL, a widely used SSL library. Almost 60% of all organizations worldwide use this library, including Connexys.

At this moment the application and websites can no longer be targeted using this vulnerability. As a precaution we strongly recommend you reset your password. 

If you have additional questions or concerns about Heartbleed, please read the additional information or contact Guus Meijer at meijer@connexys.com

Additional information

On April 8th a major security vulnerability was reported within the SSL libraries. This system handles all secured traffic and protects information. Almost 60% of the organizations worldwide use this, including Connexys. The vulnerability is now known as Heartbleed (read here about it). If exploited successfully, an attacker may be able to extract up to 64kb of information from the affected server.

Connexys uses SSL for almost every service. We run daily security updates on all the servers that can be contacted by clients. The device hosting the SSL certificates runs on a server outside the control of Connexys. Therefore we cannot update this device ourselves. Our supplier didn't have a fix ready for Heartbleed.

What we have done

Because the supplier didn't have a fix ready, we started the reconfiguration of the SSL services. This operation takes a long time. From April 8th, the most important servers where SSL is active can no longer be affected by the Heartbleed vulnerability. The other servers were updated during the night of April 8 to 9.

What you should do

Although there is no evidence that any customer's accounts have been affected, as a precaution we strongly recommend that you reset your password*.

* SSO-users, please contact your Security Officer.

Resetting your password

You can request a new password by clicking on the blue text on the login page.

Lessons learned

We are now evaluating our security processes, and the relationship with our supplier will be re-evaluated. We are making sure this situation will never happen again.

If you have any questions regarding this article, please contact Guus Meijer at meijer@connexys.com 
