Emerging Risk: April 2014, “Heartbleed” Vulnerability in OpenSSL

There is growing media coverage regarding the “Heartbleed” vulnerability. It will arise in Credit Unions that make use of open SSL. This vulnerability will be mitigated in part by Credit Unions who use Microsoft Internet Information Services. Credit Unions more likely to be exposed to this vulnerability make use of Linux which is widespread. Credit Unions that are not as likely to be exposed to this vulnerability are Credit Unions who may be behind on their patch management. As the vulnerability was introduced into the code in 2012 those who have done more recent updates to their firewalls, routers or anything with a GUI interface protected by SSL will have a greater likelihood of being exposed to this vulnerability. Our guideline lays out the technical details of the vulnerability along with suggested tools and mitigation steps for you to address this vulnerability.

PRA Risk Advisory April 2014 HeartBleed Vulnerability pdf- April 09 2014 v2.0

Leave a Reply

Close Menu