Heartbleed is a security bug in the OpenSSL cryptography library. This bug allows a webserver to reply to a malformed heartbeat request with up to 64 kilobytes of data stored in memory on the webserver. The potential is that this data might contain critical security data like a server’s SSL private keys, providing a hacker with complete access to information on a web server.
Internet companies are concerned that this vulnerability has existed in some form since December 31, 2011 and that the code with this vulnerability is widely used on web servers everywhere. This poses a serious threat to any company conducting business over the Internet as either they or those they do businesses with may be affected by this security bug.
We at StorageCraft make every effort to maintain the highest degree of integrity and security with all of our products, which is why we are informing our customers who use the StorageCraft ShadowControl webserver of an automatic security update which will be applied to their appliance the next time that it is rebooted. To activate this automatic security update simply restart your ShadowControl appliance (see screenshot below).
Because of the nature of this security bug, StorageCraft recommends as a best practice that customers replace the certificates on all production ShadowControl appliances. For information on replacing SSL certificates on the ShadowControl appliance, please visit the ShadowControl User Guide – Security Section .
Please contact StorageCraft Support or your Channel Sales Representative if you have any questions.