Heartbleed openssl vulnerability and SecureLogin

  • 7014920
  • 15-Apr-2014
  • 15-Apr-2014

Environment

Novell SecureLogin 
NetIQ SecureLogin
NSL6.x
NSL7.x
NSL8.x

Situation

Could SecureLogin be affected by the heartbleed bug?
Is SecureLogin susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?

Resolution

No.  SecureLogin uses OpenSSL version 0.98 and is therefore not susceptible to the heartbleed vulnerability.

Additional Information

From http://heartbleed.com  status of different openssl versions:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable