?
Solved

Barracuda SSLVPN Heartbleed Vulnerability

Posted on 2014-04-11
6
Medium Priority
?
515 Views
Last Modified: 2014-04-29
Does anyone have documentation that states that this device is NOT vulnerable.  Barracuda support told me it was not.  When I asked for documentation, they sent a "chat" conversation where they said it was not vulnerable.   The model number is 180.

Thanks in advance!
0
Comment
Question by:sfjcpu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39995900
testing is a good idea - it might not even run openssl. here is a handy testing tool:

https://www.ssllabs.com/ssltest/

And you might want to consider installing one of the firefox or chrome plugins that give realtime display of the "heartbleed" bug whenever you visit a secure server.
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996248
Use this popular site to test your SSLVPN appliance: http://filippo.io/Heartbleed/ 

I tested ours and found it was not vulnerable.  Which means Barracuda does not use OpenSSL, I suppose.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 1000 total points
ID: 39996332
the ssllabs one is more comprehensive, carlo - instead of just testing for one thing, it gives you an assessment of overall security (including HeartBleed), and tells you which platform is being used (which is useful when determining the impact of the bug)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 39996503
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996539
I did run the SSLLABs on our Barracuda SSLVPN as well.  That was also negative.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39996553
did it specify which engine responded, carlo?
a lot of ssl vpn engines use tomcat (aka coyote) which uses java crypto libraries, not openssl.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question