OrangeHRM NOT Vulnerable to Heartbleed

By OrangeHRM | Published on Apr 22, 2014

As you may know, the Heartbleed vulnerability has been a major concern during the past week.

We are pleased to inform you that we and our service providers were protected from this attack at all times and were never vulnerable, thanks to our own security measures on top of SSL.

You can find out more about the vulnerability and the measures in the details below.

Summary

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

Through a flaw in OpenSSL's implementation of the heartbeat extension, this vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL.

OpenSSL provides critical functionality in the Internet ecosystem, so vulnerabilities such as Heartbleed have a significant impact on digital communications and their integrity.

Is my OrangeHRM account affected by Heartbleed?

OrangeHRM's SSL certificate endpoint was not vulnerable to the Heartbleed bug when it was publicly disclosed on April 7th, 2014.

No secure communication with our servers was affected by any attacks following the public disclosure of the Heartbleed bug.

The Heartbleed bug has had a profound impact on the transmission of secure data through the Internet.

For that reason, we encourage our customers to reset their passwords at their earliest convenience as a matter of common password maintenance.

Please remember to always make your passwords unique and random, and to rotate them periodically.