Teamdrive vulnerable to Heartbleed bug ???

Questions and information regarding the Windows desktop client - Fragen und Informationen zum Windows Desktop-Client

Teamdrive vulnerable to Heartbleed bug ???

Postby rosch » 09 Apr 2014, 10:23

Hello,

According to the "Kurzgutachten zur Rezertifizierung 2013" Teamdrive is also using openSSL libraries for its cryptographic functions. :shock:
So, do we have to worry about the security, is Teamdrive client/server/cloud vulnerable to the heartbleed bug?
Which openSSL version is used inside the Teamdrive applications?

please clarify the status
Robert
rosch
 
Posts: 19
Joined: 17 Apr 2013, 22:02

Re: Teamdrive vulnerable to Heartbleed bug ???

Postby Kenneth » 09 Apr 2014, 14:01

We are currently working on a patch to safeguard our services from any potential exploits that can be caused by this bug.
Kenneth
 
Posts: 1277
Joined: 29 Aug 2012, 15:11

Re: Teamdrive vulnerable to Heartbleed bug ???

Postby LenzGr » 09 Apr 2014, 15:49

rosch wrote:According to the "Kurzgutachten zur Rezertifizierung 2013" Teamdrive is also using openSSL libraries for its cryptographic functions. :shock:
So, do we have to worry about the security, is Teamdrive client/server/cloud vulnerable to the heartbleed bug?
Which openSSL version is used inside the Teamdrive applications?

The TeamDrive Client uses cryptographic functions provided by OpenSSL to perform local AES-256 encryption of data before it is transmitted to a TeamDrive Server. Since the data has already been encrypted locally, the TeamDrive Client-Server communication does not establish an additional secure communication channel via SSL/TLS (this reduces the overhead and makes it easier to propagate the data via proxy servers). Therefore we're not affected by this vulnerability here, as it only affects secure communication channels established via SSL/TLS.

We'll publish a more detailed statement about TeamDrive and the Heartbleed bug shortly.

Lenz
LenzGr
 
Posts: 11
Joined: 03 Jan 2014, 13:20

Re: Teamdrive vulnerable to Heartbleed bug ???

Postby LenzGr » 09 Apr 2014, 20:34

We've now published a blog post that provides some additional information: http://blog.teamdrive.com/2014/04/teamdrive-and-heartbleed-openssl-bug-is.html

Lenz
LenzGr
 
Posts: 11
Joined: 03 Jan 2014, 13:20

Re: Teamdrive vulnerable to Heartbleed bug ???

Postby rosch » 09 Apr 2014, 22:06

Thanks for the quick clarification! :D

regards
Robert
rosch
 
Posts: 19
Joined: 17 Apr 2013, 22:02


Return to Windows XP/Vista/7/8/10

Who is online

Users browsing this forum: No registered users and 8 guests

cron