By now you’ve likely read the articles about the recent Heartbleed SSL vulnerability uncovered in OpenSSL that has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack.
Security is clearly a top priority for Ipswitch and our customers. From the first alert of this vulnerability, the Ipswitch Security Team moved quickly to determine the impact and will issue patch fixes in any case where we find vulnerability. In those cases, we’ve decided to partner with the security community at-large to implement an industry-best solution. We’ll be issuing security patches to disable the OpenSSL heartbeat and will follow-up in the near future with new versions of the OpenSSL library.
As with any wide reaching story, we understand that our customers may have additional concerns. Please don’t hesitate to reach out to our customer support team.
Some of Ipswitch’s products were impacted because of our use of OpenSSL, and they include:
- MOVEit Cloud (has been remediated)
- MOVEit Mobile for MOVEit File Transfer (DMZ) 8.0
- WS_FTP Server 7.6
- WS_FTP Pro 12.4 (Only if accessing a compromised website using SSL)
- IMail, IMail Secure and IMail Premium versions 12.3 and 12.4
Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions.
Products not impacted by this vulnerability are:
- WhatsUpGold (WUG) and other WhatsUp tools and network products
- MOVEit File Transfer (DMZ) when MOVEit Mobile server is not installed
- MOVEit Central
- MOVEit Ad Hoc Transfer Plug-in for Outlook
- MOVEit EZ
- WS_FTP Server versions other than 7.6
- WS_FTP Pro versions other than 12.4, including WS_FTP LE
- IMail, IMail Secure and IMail Premium versions other than 12.3 and 12.4
As with any wide reaching story, we understand that our customers may have concerns. We’re here to answer your questions and have developed a list of the ones we’ve heard most frequently on the customer portal.
If you should have any additional questions or concerns, feel free to reach out to the appropriate technical support team: