Esri Issues Help to Fight Heartbleed Bug in ArcGIS Products
Esri has issued guidelines for users to protect themselve against the Heartbleed Bug, officially named OpenSSL Vulnerability CVE-2014-0160 (Heartbleed).
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.
Since learning about the vulnerability, Esri staff have been performing maintenance to validate, secure, and patch Esri servers and infrastructure to close this vulnerability and ensure Esri customers are protected.
Esri suggests its customers read its Knowledge Base Technical Article to determine the action required for their particular ArcGIS products and services. As an extra precaution, users may want to change their passwords.
Follow Us