Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: HeartBleed bug safe ? (Read 5230 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

HeartBleed bug safe ?

According to this test

https://lastpass.com/heartbleed/?h=www.hydrogenaudio.org

hydrogenaudio is not safe against the heartbleed bug.
i would like to hear if that is true or not, and if so, when we can expect an update to close that hole so i can change my password.

Thank you
Sven Bent - Denmark

HeartBleed bug safe ?

Reply #1
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.
the digital delinquent

HeartBleed bug safe ?

Reply #2
Quote from: SonsOfSound on
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.


Im not worried about that part. but im guessing what you are saying is that this site does not use openSSL for login  so its not affected?
Sven Bent - Denmark
 

HeartBleed bug safe ?

Reply #3
Hydrogen Audio's server has never been vulnerable, as it runs OpenSSL 0.9.8e. Good old RHEL derivatives.

Also, the https is not even set up for this domain, but another domain, and for some administration only things.