Text only | Text with Images

HydrogenAudio

Hydrogenaudio Forum => Site Related Discussion => Topic started by: sven_Bent on 2014-04-17 01:36:14

Title: HeartBleed bug safe ?
Post by: sven_Bent on 2014-04-17 01:36:14
According to this test

https://lastpass.com/heartbleed/?h=www.hydrogenaudio.org (https://lastpass.com/heartbleed/?h=www.hydrogenaudio.org)

hydrogenaudio is not safe against the heartbleed bug.
i would like to hear if that is true or not, and if so, when we can expect an update to close that hole so i can change my password.

Thank you
Title: HeartBleed bug safe ?
Post by: SonsOfSound on 2014-04-18 22:33:36
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.
Title: HeartBleed bug safe ?
Post by: sven_Bent on 2014-04-19 02:30:16
Quote from: SonsOfSound on
Well, as it turns out, ones username and password are sent as plaintext when logging in. No encryption in the first place. Anybody can see it that can see your network traffic.


Im not worried about that part. but im guessing what you are saying is that this site does not use openSSL for login  so its not affected?
Title: HeartBleed bug safe ?
Post by: kode54 on 2014-04-19 08:26:52
Hydrogen Audio's server has never been vulnerable, as it runs OpenSSL 0.9.8e. Good old RHEL derivatives.

Also, the https is not even set up for this domain, but another domain, and for some administration only things.
Text only | Text with Images