Created: Wednesday, 09 April 2014 11:17
Urgent Action Required
There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker.
A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!
It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys as this vulnerability has apparently been known for a couple years now.
Test If You Are Vulnerable:
Ongoing Discussion at WHT: