Official Reference: CVE-2014-0160
More Information: heartbleed.com
Researchers have recently announced that a flaw was uncovered in the OpenSSL software, one of the key technologies used to encrypt data transactions on many websites. This flaw is called the Heartbleed Bug.
Mitigation of the Heartbleed OpenSSL vulnerability requires three actions to ensure closing the threat. Paperclip’s use of OpenSSL affected vcf4Life, vcf4Securities, vcf4Compliance and some VCF dedicated customers. eM4Compliant Email and Internet eXpress services were not affected.
- Patch OpenSSL
Paperclip has completed patching internal load balancers which utilize OpenSSL
Patch Completed on: Thursday, April 10,2014 @ 14:30 EST.
- Change SSL Certificates
Paperclip has submitted SSL Certificates change requests for all affected services and will apply them when they become available to us.
- Mandatory Password Change
Paperclip forced a system wide password reset event on Monday April 14, 2014 @ 09:00 EST. If you were not forced to change your password, this means your VCF platform was not affected.
Note: If you utilize our Microsoft Office Add-In, you will also need to change the password there to match the new password you created earlier.
These actions should conclude the recommended remediation for the Heartbleed OpenSSL threat. We appreciate your cooperation during this event.
If you have any additional questions about this upgrade, please contact Paperclip Technical Support at 800-929-3503 or firstname.lastname@example.org