UPDATED: Ipswitch’s Response to Heartbleed SSL Vulnerability


By now you’ve likely read the articles about the recent vulnerability uncovered in OpenSSL that has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack.

Security is clearly a top priority for Ipswitch and our customers. From the first alert of this vulnerability, the Ipswitch Security Team moved quickly to determine the impact and will issue patch fixes in any case where we find a vulnerability. In those cases, we’ve decided to partner with the security community at large to implement an industry-best solution. We’ll be issuing security patches to disable the OpenSSL heartbeat and will follow up in the near future with new versions of the OpenSSL library.

UPDATE

Some of Ipswitch’s products were impacted because of our use of OpenSSL. Impacted products include:

  • MOVEit Cloud (has been remediated)
  • MOVEit Mobile for MOVEit File Transfer (DMZ) 8.0
  • WS_FTP Server 7.6
  • WS_FTP Pro 12.4 (Only if accessing a compromised website using SSL)
  • IMail, IMail Secure and IMail Premium versions 12.3 and 12.4

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions.

Products not impacted by this vulnerability are:

  • WhatsUpGold (WUG) and other WhatsUp tools and network products
  • MOVEit File Transfer (DMZ) when MOVEit Mobile server is not installed
  • MOVEit Central
  • MOVEit Ad Hoc Transfer Plug-in for Outlook
  • MessageWay
  • MOVEit EZ
  • WS_FTP Server versions other than 7.6
  • WS_FTP Pro versions other than 12.4, including WS_FTP LE
  • IMail, IMail Secure and IMail Premium versions other than 12.3 and 12.4

As with any wide-reaching story, we understand that our customers may have concerns. We’re here to answer your questions and have developed a list of the ones we’ve heard most frequently on the customer portal.

If you should have any additional questions or concerns, feel free to reach out to the appropriate technical support team:


13 Comments

  1. Posted April 10, 2014 at 11:31 am | Permalink

    Great to see the quick response. FWIW, File Transfer Consulting is tracking vendor responses here: http://www.filetransferconsulting.com/managed-file-transfer-heartbleed-ftp-server/ Feel free to shoot me a note with any updates and I’ll cross-post them there.

    • Cheri Keith
      Posted April 10, 2014 at 5:09 pm | Permalink

      For sure– will do!

    • Cheri Keith
      Posted April 11, 2014 at 2:40 pm | Permalink

      Hi Jonathan– blog is updated with full info. Same link, so you should be all set! *CK

  2. mbergeron@hcs
    Posted April 11, 2014 at 10:23 am | Permalink

    So, not a whole lot of details there. You’ll follow up with updates *if* you find vulnerabilities??? How about issuing a list of “here are those that are not affected” so we know whether we can notify our clients rather than keep waiting?

    • Cheri Keith
      Posted April 11, 2014 at 2:12 pm | Permalink

      Hi Marc– the blog has been updated with the full information, most importantly, where you can get the fixes through the Portal. An email communication is also out. *CK

  3. Phillip Griffith
    Posted April 14, 2014 at 2:33 pm | Permalink

    What about MOVEIt Freely? Affected, or not?

    • Cheri Keith
      Posted April 14, 2014 at 3:55 pm | Permalink

      Hi Phillip– MOVEit Freely is not impacted. Thanks for reading. *CK

  4. John Vermeal
    Posted April 15, 2014 at 2:21 pm | Permalink

    Sorry if this should be obvious from the info posted above, but I’ve been asked to get specific confirmation: WS_FTP Pro Version 12.3 is unaffected; correct?

    • Cheri Keith
      Posted April 15, 2014 at 2:43 pm | Permalink

      Hi John– you are correct, WS_FTP Professional V12.3 is not impacted. Thanks for reading. *CK

  5. toine jansen
    Posted April 18, 2014 at 4:30 am | Permalink

    Hello,
    we are using WS_FTP Professional 2007.0.0.2-207.02.09.
    Is it affected?

    • Cheri Keith
      Posted April 18, 2014 at 9:22 am | Permalink

      Hi Toine– the only WS_FTP Pro product that was impacted was WS_FTP Pro 12.4 and Only if accessing a compromised website using SSL. *CK

  6. Joshua Leonard
    Posted April 24, 2014 at 9:53 am | Permalink

    You mentioned that the following is not affected:

    • WS_FTP Server versions other than 7.6

    Does this mean older versions such as 7.5.1 are also not affected?

    • Cheri Keith
      Posted April 24, 2014 at 9:58 am | Permalink

      Hi Josh– yes, you are reading that correctly. Previous to WS_FTP Server are not impacted. Thanks for reading– let us know if you have any other questions. *CK
