Heartbleed openssl vulnerability and SSPR

  • 7014929
  • 18-Apr-2014
  • 18-Apr-2014

Environment

Self Service Password Reset
SSPR 2.x
SSPR 3.x

Situation

Could SSPR be affected by the heartbleed bug?
Is SSPR susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?

Resolution

SSPR does not utilize OpenSSL, so it is not susceptible to this security vulnerability.  

There may be potential vulnerabilities for customers who front-end SSPR with Apache web server, but not for those using the default installation of SSPR on Tomcat.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.