• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 567
  • Last Modified:

Barracuda SSLVPN Heartbleed Vulnerability

Does anyone have documentation that states that this device is NOT vulnerable.  Barracuda support told me it was not.  When I asked for documentation, they sent a "chat" conversation where they said it was not vulnerable.   The model number is 180.

Thanks in advance!
0
sfjcpu
Asked:
sfjcpu
  • 3
  • 2
2 Solutions
 
Dave HoweSoftware and Hardware EngineerCommented:
testing is a good idea - it might not even run openssl. here is a handy testing tool:

https://www.ssllabs.com/ssltest/

And you might want to consider installing one of the firefox or chrome plugins that give realtime display of the "heartbleed" bug whenever you visit a secure server.
0
 
Carlo-GiulianiCommented:
Use this popular site to test your SSLVPN appliance: http://filippo.io/Heartbleed/ 

I tested ours and found it was not vulnerable.  Which means Barracuda does not use OpenSSL, I suppose.
0
 
Dave HoweSoftware and Hardware EngineerCommented:
the ssllabs one is more comprehensive, carlo - instead of just testing for one thing, it gives you an assessment of overall security (including HeartBleed), and tells you which platform is being used (which is useful when determining the impact of the bug)
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 
Carlo-GiulianiCommented:
I did run the SSLLABs on our Barracuda SSLVPN as well.  That was also negative.
0
 
Dave HoweSoftware and Hardware EngineerCommented:
did it specify which engine responded, carlo?
a lot of ssl vpn engines use tomcat (aka coyote) which uses java crypto libraries, not openssl.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now