Heartbleed openssl vulnerability and SSPR

  • 7014929
  • 18-Apr-2014
  • 18-Apr-2014


Self Service Password Reset
SSPR 2.x
SSPR 3.x


Could SSPR be affected by the heartbleed bug?
Is SSPR susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?


SSPR does not utilize OpenSSL, so it is not susceptible to this security vulnerability.  

There may be potential vulnerabilities for customers who front-end SSPR with Apache web server, but not for those using the default installation of SSPR on Tomcat.