4 Replies Latest reply on Apr 15, 2014 10:55 AM by mick

    Heartbleed bug and Netvanta 3120

    mick Visitor

      Hi,

       

      Should I be replacing my VPN SSL certificates as well as the device passwords immediately, or should I wait for a new firmware to come out first?

       

      Regards,

      Mick

        • Re: Heartbleed bug and Netvanta 3120
          cj! Beta_User

          Hi mick:

           

          I conducted testing today and found no AOS-based products to be vulnerable to Heartbleed.  I tested a few NetVanta switch and router products across a few R10+ and pre-R10 software versions without any vulnerability detected.  Perhaps ADTRAN will provide an official statement, but my own anecdotal testing turns up negative for AOS.  At least one other ADTRAN product is known to be vulnerable.

           

          This does not mean that web servers behind an AOS firewall are safe.  If you have port-forwarding to an HTTPS server running a version of OpenSSL that is vulnerable, then that server needs to be patched.  The port-forwarding could be removed to block traffic as a short-term way to mitigate risk.

           

          Best,

          CJ

          1 of 1 people found this helpful