Video Screencast Help
Archiving and eDiscovery Community Blog

Enterprise Vault.cloud: HeartBleed Vulnerabilities

Heartbleed OpenSSL information
Created: 29 Apr 2014 • Updated: 29 May 2014
jwong007's picture
0 0 Votes
Login to vote

On April 7th a significant vulnerability was reported with OpenSSL. This vulnerability has been referred to as "Heartbleed" / CVE-2014-0160 (more details here -- http://heartbleed.com/ ).

Symantec Enterprise Vault.cloud has reviewed this vulnerability thoroughly.  In the final analysis, our infrastructure is not susceptible to the "Heartbleed" bug in the outdated OpenSSL library due to the following reasons:

  1. Our web servers do not use OpenSSL to provide services to customers.
  2. Our hardware and software suppliers confirmed the platforms and versions used to deliver our services are not vulnerable.
  3. We manually tested each customer web portal to confirm our systems are not vulnerable to this bug

No changes will need to be made to security certificates because our systems were never operating with the OpenSSL library.  Additionally, we do not need to re-exchange SSL certificates with SSO customers.
As always, Symantec recommends changing passwords regularly on all sites.

For questions about this issue, please contact Symantec Enterprise Vault.cloud’s Customer Support (800-251-3863)