What is Citrix doing to address the Heartbleed bug in OpenSSL?
SSL Security Update: Heartbleed bug
This week a vulnerability was disclosed in OpenSSL (CVE-2014-0160), a technology widely used to power encryption across much of the Internet. The vulnerability, referred to as the Heartbleed bug, could result in remote attackers being able to obtain sensitive data.
What is Citrix doing?
Citrix has been actively analyzing the impact of this issue on currently supported products. At this time, we have determined that current versions of GoToAssist, GoToMeeting, GoToTraining, GoToWebinar,GoToMyPC, OpenVoice, Podio and ShareFile as well as our Citrix Labs products (GoToMeet.me, Convoi, Talkboard, Hu.tt) are not vulnerable. Assessment will continue and our monitoring always continues 24/7. UPDATE - Citrix Convoi (April 23, 2014)
The Heartbleed OpenSSL vulnerability in the phone call functionality of Citrix Innovations Labs product, Convoi, has now been remediated. The third party technology that caused the vulnerability has been updated. All current users of Citrix Convoi will be prompted to download an updated version to implement this remediation.
UPDATE - Citrix Convoi (April 18, 2014)
Based on further analysis, we have discovered that Citrix’s Innovation Labs product Convoi is vulnerable to the Heartbleed OpenSSL vulnerability in connection with the phone call functionality (not the chat functionality) of Convoi, due to the fact that the product incorporates third party technology that utilizes a vulnerable version of OpenSSL. We are informed that this vulnerability will be patched soon by the third party and we will update our community and status sites as soon as we have more information. Once this patch is available, users will be required to download the updated version. In the meantime, even though the risk of exploitation is low, we recommend that customers discontinue use of the phone call functionality.
What Can You Do?
Besides Citrix products, we know you trust and rely on many web services both for work and personal use. With so much flux in the Internet right now, we recommend you consider updating passwords and checking to make sure you are using the latest version of products. You can find the latest versions of Citrix products here.
Thanks for choosing Citrix and please continue to use our products with confidence. If you have questions do not hesitate to contact our support team: www.support.citrixonline.com