Stay up-to-date with product announcements, search for answers, watch our training videos, and share your suggestions with us and the community. You can also submit a request and our friendly and knowledgeable support team members will be happy to assist you.
Egnyte Unaffected by Heartbleed Vulnerability
On April 7, a critical vulnerability in the widely-used OpenSSL SSL/TLS toolkit nicknamed "Heartbleed" was announced. This vulnerability allows an attacker to remotely observe information stored in the memory of affected servers which can include such sensitive items as passwords and encryption keys. The impact is widespread because OpenSSL is employed in more than two-thirds of all Internet sites, however only particular versions of OpenSSL have the vulnerability. You can read about the technical details of Heartbleed here.
The versions of OpenSSL that Egnyte currently employs across all of its products, both cloud and on-premises, are not impacted by the Heartbleed vulnerability. Moreover, Egnyte has never used a version of OpenSSL that was subject to the vulnerability.