OpenSSL TLS heartbeat read overrun defect (Heartbleed)
- 01 Apr 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
OpenSSL TLS heartbeat read overrun defect (Heartbleed)
- Updated on 01 Apr 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Are Pharos products affected by the OpenSSL "Heartbleed" defect?
The OpenSSL TLS heartbeat read overrun defect (CVE-2014-0160), termed "Heartbleed", specifically affects the OpenSSL 1.0.1 libraries. The exploit targets web services via the TLS extension for heartbeat.
https://www.openssl.org/news/secadv_20140407.txt
Most Pharos products are based upon Microsoft libraries, not OpenSSL. Pharos EDI and SignUp rely on Microsoft IIS. MobilePrint relies upon .NET Web-API. These systems use Microsoft SSL libraries, such as SChannel, not OpenSSL.
http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx
Not all supporting libraries are Microsoft. Each Development team is evaluating their non-Microsoft libraries to confirm whether any Pharos products are affected.
Thus far, Development has finished their review of the following products and concluded that they are not affected.
Uniprint - All versions
Blueprint - All versions
MobilePrint - All versions
Omega PSX - Firmware 1.1.4
Omega PS200 - Firmware 1.0.1
Omega PS60 - Firmware 1.1.4
Omega PS60B - Firmware 1.0.0
We'll continue to post updates to this article as we continue evaluating all of our products.
Was this article helpful?