Security: Heartbleed bug and effect on TOPdesk software
In April 2014 a flaw in software that is widely used to secure web communications, the so-called "Heartbleed" bug, was published. Although neither this software nor the flaw is present in TOPdesk software, customers may still need to take action.

Description of event:
On 7 April 2014 a security vulnerability in the OpenSSL cryptographic software library was published. This library is widely used on the internet for securing data communication.

Impact:
TOPdesk software does not include OpenSSL and therefore does not contain this vulnerability. On-premises installations are not affected as long as they are not connected to a public network. When TOPdesk is made available on a public network, we advise assessing the infrastructure used for the presence of the bug and taking appropriate action, as all communication might have been exposed, including login information sent over HTTPS.

Background information on the vulnerability:
We refer to the following sources for technical background information and advice on how to take action:
* OpenSSL security advisory: https://www.openssl.org/news/secadv_20140407.txt
* Background information about the vulnerability: http://heartbleed.com

Advice on follow-up:
In most cases we assess that no further action is necessary. Please keep in mind that, due to the nature of the vulnerability, there is no way to detect whether it has been misused. We therefore advise our customers to perform their own assessment of whether further follow-up is necessary, based on the two sources listed above.

Possible actions are:
* changing passwords for TOPdesk accounts that were used during the exposed time frame, if TOPdesk authentication is used
* changing passwords for network accounts that were used with TOPdesk during the exposed time frame, if authentication is delegated to, for example, Active Directory
* assessing your own infrastructure, especially proxy servers used to access TOPdesk or other applications, for the presence of the OpenSSL vulnerability

If you have any questions or doubts, please contact TOPdesk Support for advice.
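As an added example, not part of the TOPdesk advisory, the following Python helper classifies `openssl version` banners collected from an infrastructure inventory (proxies, load balancers, appliances) against the affected range published in the OpenSSL advisory linked above: upstream 1.0.1 through 1.0.1f and 1.0.2-beta1 are affected; 1.0.1g and the 1.0.0 and 0.9.8 branches are not. Host names and banners are constructed sample data; because several distributions backported the fix without changing the upstream version letter, an "affected" result is a prompt to check the vendor's package changelog, not a confirmed finding.

```python
import re

# Affected range from the OpenSSL security advisory of 7 April 2014:
# 1.0.1 through 1.0.1f and 1.0.2-beta1 affected; 1.0.1g, 1.0.0.x and
# 0.9.8.x not affected.
VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?", re.IGNORECASE
)


def heartbleed_status(version_banner: str) -> str:
    """Classify one `openssl version` banner.

    Returns 'affected', 'not_affected' or 'unknown' (unparseable banner).
    Caveat: distributions may have backported the fix without changing the
    upstream letter, so 'affected' means 'verify against the vendor
    changelog', not 'confirmed vulnerable'.
    """
    m = VERSION_RE.search(version_banner)
    if not m:
        return "unknown"
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    letter, beta = m.group(4).lower(), m.group(5)
    if (major, minor, patch) == (1, 0, 1):
        # "" (plain 1.0.1) and "a".."f" sort at or below "f"; "g"+ are fixed
        return "affected" if letter <= "f" else "not_affected"
    if (major, minor, patch) == (1, 0, 2) and beta == "1":
        return "affected"
    return "not_affected"


# Constructed sample inventory: host -> output of `openssl version`
SAMPLE_INVENTORY = {
    "proxy-01.example.internal": "OpenSSL 1.0.1e 11 Feb 2013",
    "proxy-02.example.internal": "OpenSSL 1.0.1g 7 Apr 2014",
    "lb-01.example.internal": "OpenSSL 1.0.0l 6 Jan 2014",
    "legacy.example.internal": "OpenSSL 0.9.8y 5 Feb 2013",
    "beta.example.internal": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "appliance.example.internal": "version string unavailable",
}


def hosts_needing_follow_up(inventory: dict) -> list:
    """Hosts that are affected by version, or whose banner could not be read."""
    return sorted(h for h, b in inventory.items() if heartbleed_status(b) != "not_affected")


if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        print(f"{host:30} {heartbleed_status(banner)}")
    print("follow up:", hosts_needing_follow_up(SAMPLE_INVENTORY))
```

Hosts reported as "unknown" (for example appliances that do not expose a version string) still need a vendor statement before they can be cleared.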