On April 7th the world was made aware of a critical vulnerability in the infrastructure that secures much of the information exchanged across the web. The vulnerability, which came to be known as The Heartbleed Bug, resided in the OpenSSL library used by millions of websites to encrypt information exchanged between their servers and their users’ web browsers. Leveraging the vulnerability, hackers could eavesdrop on private communications between a user and a website, and with time and luck, use the obtained information to impersonate users and gain access to private information.
Much like millions of other services, from Google to Facebook, Vtiger uses the OpenSSL library, too. Within hours of receiving the vulnerability report, our servers had been patched against the vulnerability. Rest assured that your data is safe.
Although information about the bug was made publicly available on April 7th, it has existed in the OpenSSL library since March of 2012. During that period, motivated parties aware of the bug may have been able to obtain the private security key used to decrypt data transmitted between Vtiger and your browser. While our investigations have thus far not revealed any such attempts, as a precautionary measure we have replaced our site’s security certificates, eliminating all preexisting keys.
As an additional safeguard, we strongly recommend that our users change their Vtiger passwords.
If you have any issues logging in to Vtiger as a result of the newly deployed certificate, please clear your browser cache and retry (instructions to clear browser cache).
For more information about the Heartbleed bug, please visit: