Solved

Barracuda SSLVPN Heartbleed Vulnerability

Posted on 2014-04-11
6
496 Views
Last Modified: 2014-04-29
Does anyone have documentation that states that this device is NOT vulnerable.  Barracuda support told me it was not.  When I asked for documentation, they sent a "chat" conversation where they said it was not vulnerable.   The model number is 180.

Thanks in advance!
0
Comment
Question by:sfjcpu
  • 3
  • 2
6 Comments
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39995900
testing is a good idea - it might not even run openssl. here is a handy testing tool:

https://www.ssllabs.com/ssltest/

And you might want to consider installing one of the firefox or chrome plugins that give realtime display of the "heartbleed" bug whenever you visit a secure server.
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996248
Use this popular site to test your SSLVPN appliance: http://filippo.io/Heartbleed/ 

I tested ours and found it was not vulnerable.  Which means Barracuda does not use OpenSSL, I suppose.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 39996332
the ssllabs one is more comprehensive, carlo - instead of just testing for one thing, it gives you an assessment of overall security (including HeartBleed), and tells you which platform is being used (which is useful when determining the impact of the bug)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39996503
0
 
LVL 12

Expert Comment

by:Carlo-Giuliani
ID: 39996539
I did run the SSLLABs on our Barracuda SSLVPN as well.  That was also negative.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39996553
did it specify which engine responded, carlo?
a lot of ssl vpn engines use tomcat (aka coyote) which uses java crypto libraries, not openssl.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now