Heartbleed openssl vulnerability and SecureLogin

  • 7014920
  • 15-Apr-2014
  • 15-Apr-2014

Environment

Novell SecureLogin 
NetIQ SecureLogin
NSL6.x
NSL7.x
NSL8.x

Situation

Could SecureLogin be affected by the heartbleed bug?
Is SecureLogin susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?

Resolution

No.  SecureLogin uses OpenSSL version 0.98 and is therefore not susceptible to the heartbleed vulnerability.

Additional Information

From http://heartbleed.com  status of different openssl versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable

Feedback service temporarily unavailable. For content questions or problems, please contact Support.