cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor II

Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

Hello,

We are running a hardware controller with the latest firmware "2_4_0_12" and it would appear that this device is susceptible to the newly released 'Heartbleed' bug. Does anyone know of an attempt to patch this?

We do have our SSL cert attached to this device so it is somewhat concerning to me.

Thanks,

Jordan

1 Solution

Accepted Solutions
Highlighted
Anonymous
Not applicable

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

We understand this is an important issue. You can find important security notifications on our support forums in the section.

We have confirmed that vWLAN 2.3.0.09 or lower does not use the versions of OpenSSL susceptible to this attack. Only vWLAN 2.4.0.12 is affected. We have a patch to address this issue and we are currently testing to verify that no other aspects of vWLAN will be affected.

The patch will be posted to the of our support community when testing is complete. You can expect this patch very soon.

Please note the Heartbleed attack could have compromised any SSL/TLS certificate installed on vWLAN, and the forthcoming vWLAN patch will address the self-signed, default Adtran/Bluesocket certificate. Even with this patch, anyone using a third-party certificate should contact their CA. For example, if you purchased a certificate from GoDaddy or Verisign, then you should consider contacting them to request a new certificate.

UPDATE: An has been posted.

View solution in original post

0 Kudos
Reply
5 Replies
Highlighted
Valued Contributor
Valued Contributor

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

We're biting nails too.  Hopefully ADTRAN can provide information very soon.

UPDATE:  vWLAN 2.4.0.12 is vulnerable.  See related post

Highlighted
Anonymous
Not applicable

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

We understand this is an important issue. You can find important security notifications on our support forums in the section.

We have confirmed that vWLAN 2.3.0.09 or lower does not use the versions of OpenSSL susceptible to this attack. Only vWLAN 2.4.0.12 is affected. We have a patch to address this issue and we are currently testing to verify that no other aspects of vWLAN will be affected.

The patch will be posted to the of our support community when testing is complete. You can expect this patch very soon.

Please note the Heartbleed attack could have compromised any SSL/TLS certificate installed on vWLAN, and the forthcoming vWLAN patch will address the self-signed, default Adtran/Bluesocket certificate. Even with this patch, anyone using a third-party certificate should contact their CA. For example, if you purchased a certificate from GoDaddy or Verisign, then you should consider contacting them to request a new certificate.

UPDATE: An has been posted.

View solution in original post

0 Kudos
Reply
Highlighted
Valued Contributor
Valued Contributor

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

Great info--thank you.

0 Kudos
Highlighted
Anonymous
Not applicable

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

I went ahead and flagged this as assumed answered to help make this post and answer more visible to others. Please mark any helpful or correct answers, and definitely let us know if we need to be more verbose or provide any clarifications.

0 Kudos
Highlighted
New Contributor II

Re: Bluesocket Controller vulnerable to 'Heartbleed' Bug

Jump to solution

Thank you, this is what I assumed. Just hadn't read anything formal.

0 Kudos