Ipswitch Blog

UPDATED: Ipswitch’s Response to Heartbleed SSL Vulnerability

| April 10, 2014 | Secure File Transfer

heartbleed-300x363By now you’ve likely read the articles about the recent vulnerability uncovered in OpenSSL that has affected vendors and companies that rely on this near-ubiquitous open source security protocol. In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack.

Security is clearly a top priority for Ipswitch and our customers. From the first alert of this vulnerability, the Ipswitch Security Team moved quickly to determine the impact and will issue patch fixes in any case where we find vulnerability. In those cases, we’ve decided to partner with the security community at-large to implement an industry-best solution. We’ll be issuing security patches to disable the OpenSSL heartbeat and will follow-up in the near future with new versions of the OpenSSL library.

UPDATE

Some of Ipswitch’s products were impacted because of our use of OpenSSL. Impacted products include:

  • MOVEit Cloud (has been remediated)
  • MOVEit Mobile for MOVEit File Transfer (DMZ) 8.0
  • WS_FTP Server 7.6
  • WS_FTP Pro 12.4 (Only if accessing a compromised website using SSL)
  • IMail, IMail Secure and IMail Premium versions 12.3 and 12.4

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions.

Products not impacted by this vulnerability are:

  • WhatsUpGold (WUG) and other WhatsUp tools and network products
  • MOVEit File Transfer (DMZ) when MOVEit Mobile server is not installed
  • MOVEit Central
  • MOVEit Ad Hoc Transfer Plug-in for Outlook
  • MessageWay
  • MOVEit EZ
  • WS_FTP Server versions other than 7.6
  • WS_FTP Pro versions other than 12.4, including WS_FTP LE
  • IMail, IMail Secure and IMail Premium versions other than 12.3 and 12.4

As with any wide reaching story, we understand that our customers may have concerns. We’re here to answer your questions and have developed a list of the ones we’ve heard most frequently on the customer portal.

If you should have any additional questions or concerns, feel free to reach out to the appropriate technical support team:

How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries
[ do default stuff if no widgets ]

Reader Comments

  1. So, not a whole lot of details there. You’ll follow up with updates *if* you find vulnerabilities??? How about issuing a list of “here are those that are not affected” so we know whether we can notify our clients rather than keep waiting?

    1. Hi Marc– the blog has been updated with the full information, most importantly, where you can get the fixes through the Portal. An email communication is also out. *CK

  2. Sorry if this should be obvious from the info posted above, but I’ve been asked to get specific confirmation: WS_FTP Pro Verion 12.3 is unaffected; correct?

    1. Hi Toine– the only WS_FTP Pro product that was impacted was WS_FTP Pro 12.4 and Only if accessing a compromised website using SSL. *CK

  3. You mentioned that the following is not affected:

    • WS_FTP Server versions other than 7.6

    Does this mean older versions such as 7.5.1 are also not affected?

    1. Hi Josh– yes, you are reading that correctly. Previous to WS_FTP Server are not impacted. Thanks for reading– let us know if you have any other questions. *CK

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.