Heartbleed warning - Cyrus admin password leak!
Robert Norris
robn at fastmail.fm
Sun Apr 13 00:18:24 EDT 2014
On Sun, Apr 13, 2014, at 12:55 PM, Bron Gondwana wrote:
> Finally, as Ken mentioned, if you have an SSL-enabled Cyrus listening
> to the internet, you admin password may have been stolen already.
> Upgrading OpenSSL won't stop future login attempts with that stolen
> password.
Your private key may also have been stolen. You'll need to regenerate
your private key and certificate (or get a new from from your CA), and
get the old one revoked.
Cheers,
Rob N.
More information about the Info-cyrus
mailing list