25 августа 2021
A few days ago, The OpenSSL Project staff released a security bulletin reporting a critical CVE-2014-0160 vulnerability in the popular OpenSSL cryptographic library.
The vulnerability is due to the lack of necessary border checking in one of the Heartbeat extension procedures (RFC6520) for the TLS/DTLS protocol. Because of this error, anyone can gets direct access to a RAM memory of computers whose communications are «protected» by a vulnerable version of OpenSSL. In particular, the attacker gets access to a secret keys, usernames, and passwords and all the content that should be transmitted in encrypted form. And there is no trace of penetration into the system.
The vulnerable version of OpenSSL is used in popular Nginx and Apache web servers, on mail servers, IM servers, VPNs, as well as in many other programs. The damage brings this bug is extremely high.
SyncWeb uses a version this vulnerability, and there is no need to change passwords. There is no threat of data compromise.
Using the filippo.io/Heartbleed service, you can check any server for this vulnerability, including the SyncWeb servers as well.
