Are Symantec Data Loss Prevention (DLP) releases affected by the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160)?
book
Article ID: 160063
calendar_today
Updated On:
Products
Data Loss PreventionData Loss Prevention EnforceData Loss Prevention Enterprise SuiteData Loss Prevention Plus Suite
Issue/Introduction
A defect in the TLS/DTLS implementations of OpenSSL 1.0.1 - 1.0.1f may allow an attacker to obtain sensitive data including private keys via the Heartbeat extension of OpenSSL.
Resolution
Symantec Data Loss Prevention (DLP) releases are NOT affected, as these do not use OpenSSL versions that are susceptible to this defect.