Beanstream’s processing server remains secure and is not susceptible to the Heartbleed bug that is affecting many sites using OpenSSL.
However, the OpenSSL cryptographic library is very widely used for SSL/TLS encryption across the internet. “OpenSSL 1.0.1 contains a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as ‘heartbleed.’” The bug, found on April 7th, 2014, is officially known as CVE-2014-0160.
As a developer, it is important to be aware that your integrations on your own or customer sites may still be affected if OpenSSL is used on your servers. If you are using OpenSSL on a customer-facing site that is integrated with any of the Beanstream services, we recommend:
- Ensure your servers are running the latest fixed version of OpenSSL: “fixed version 1.0.1g or newer should be used.”
- Change your passwords
- Notify users and encourage them to change their passwords
If you are unsure or want to test your server, you can use the Qualys SSL Labs SSL report: https://www.ssllabs.com/ssltest/index.html
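For a check on the server itself, the following added example (not Beanstream or OpenSSL project code) classifies the output of `openssl version -a` against the version range quoted above. The function name `heartbleed_status` and its four result words are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL build against CVE-2014-0160 (Heartbleed).
# Input : the text printed by `openssl version -a` (the first line alone also works).
# Output: one word on stdout: vulnerable | fixed | not-affected | unknown
# heartbleed_status is a hypothetical helper name, not part of any OpenSSL tooling.

heartbleed_status() {
    info=$1

    # Upstream version token from line 1, e.g. "1.0.1e" from
    # "OpenSSL 1.0.1e-fips 11 Feb 2013" (vendor suffixes such as -fips are dropped).
    ver=$(printf '%s\n' "$info" |
          LC_ALL=C sed -n '1s/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }

    # `openssl version -a` lists the compiler flags. A build compiled with
    # -DOPENSSL_NO_HEARTBEATS has no heartbeat code, so the bug is absent.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo not-affected; return ;;
    esac

    case $ver in
        1.0.1)           echo vulnerable ;;    # first 1.0.1 release
        1.0.1[abcdef])   echo vulnerable ;;    # 1.0.1a through 1.0.1f
        1.0.1[a-z])      echo fixed ;;         # any later letter: 1.0.1g or newer
        0.9.*|1.0.0*)    echo not-affected ;;  # older branches predate the heartbeat code
        *)               echo unknown ;;       # other branches: see the vendor advisory
    esac
}

# Usage on the server being checked:
#   heartbleed_status "$(openssl version -a)"
```

Distribution packages often carry the fix without changing the upstream letter, so a `vulnerable` result on a packaged build means the package's security changelog still needs to be checked.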
To learn more about the Heartbleed bug, go to heartbleed.com.