Paris and San Francisco, April 10th 2014 – CVE-2014-0160 (also called “Heartbleed”) is a vulnerability discovered on April 7th 2014 in OpenSSL versions 1.0.1 to 1.0.1f. The exploit gives access to information that is supposed to be encrypted with TLS/SSL: login, passwords, confidential data, certificate private keys…
inWebo has immediately checked their services and confirms that the version in place (0.9.8) is NOT impacted.
HOWEVER: if you use inWebo webservices (API), you may also be using OpenSSL on your servers. You should check whether the version is impacted. If so, we recommend that you reissue the certificate from inWebo administration console (after updating your OpenSSL version). Please note, however, that in case the vulnerability has been exploited on your server, the information that may have been captured is NOT sensitive as OTP can’t be replayed. There’s therefore no impact on the access to your services.
Don’t hesitate to contact our support team for further details (preferably do that from the administration console).