On April 7th a significant vulnerability was reported with OpenSSL. This vulnerability has been referred to as "Heartbleed" / CVE-2014-0160 (more details here -- http://heartbleed.com/ ).
Symantec Enterprise Vault.cloud has reviewed this vulnerability thoroughly. In the final analysis, our infrastructure is not susceptible to the "Heartbleed" bug in the outdated OpenSSL library due to the following reasons:
- Our web servers do not use OpenSSL to provide services to customers.
- Our hardware and software suppliers confirmed the platforms and versions used to deliver our services are not vulnerable.
- We manually tested each customer web portal to confirm our systems are not vulnerable to this bug
No changes will need to be made to security certificates because our systems were never operating with the OpenSSL library. Additionally, we do not need to re-exchange SSL certificates with SSO customers.
As always, Symantec recommends changing passwords regularly on all sites.
For questions about this issue, please contact Symantec Enterprise Vault.cloud’s Customer Support (800-251-3863)