Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Enterprise Vault

Symantec Enterprise not affected by Heartbleed

Created: 11 Apr 2014 • Updated: 11 Apr 2014
Amy Dugdale's picture
0 0 Votes
Login to vote

On April 7, 2014, a significant vulnerability was reported with OpenSSL. This vulnerability has been referred to as "Heartbleed" / CVE-2014-0160 (more details here -- ).

Symantec Enterprise has reviewed this vulnerability thoroughly.  In the final analysis, our infrastructure is not susceptible to the "Heartbleed" bug in the outdated OpenSSL library due to the following reasons:

1.       Our web servers do not use OpenSSL to provide services to customers.

2.       Our hardware and software suppliers confirmed the platforms and versions used to deliver our services are not vulnerable.

3.       We manually tested each customer web portal to confirm our systems are not vulnerable to this bug

No changes will need to be made to security certificates because our systems were never operating with the OpenSSL library.  Additionally, we do not need to re-exchange SSL certificates with SSO customers.

As always, Symantec recommends changing passwords regularly on all sites.