Heartbleed warning - Cyrus admin password leak!

Ken Murchison murch at andrew.cmu.edu
Fri Apr 11 11:17:01 EDT 2014


All,

I'm sure you have all heard about the Heartbleed 
<http://heartbleed.com/> bug by now.  If not, you definitely need to 
read up on it and take appropriate action.

A Cyrus admin (not at CMU) has recently run the check-ssl-heartbleed 
<https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl> script 
against his server which was using one of the effected versions of 
OpenSSL and was easily able to capture usernames and passwords, 
including the admin password.

Again, please check the versions of OpenSSL on your servers and patch or 
upgrade them ASAP.

Regards,
Ken

-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-announce/attachments/20140411/2345d732/attachment.html 


More information about the Cyrus-announce mailing list