The Heartbleed security vulnerability in the commonly used OpenSSL that was detected last week, has left millions of accounts and passwords exposed. This attack exposes user data through malicious use of the Transport Layer Security “Heartbeat” extension.
We are happy to report that our appliances main functionality is entirely based on Windows Server software and Microsoft doesn’t use OpenSSL, it uses Schannel (Secure Channel) which is not affected in any shape or form by the vulnerability.
In some of our appliances, we do have an IPMI (Intelligent Platform Management Interface) function that has an optional connectivity to a network. In this case, there is an OpenSSL authentication, however, it uses a version of Open SSL that is not impacted by the vulnerability.
In conclusion, the entire range of Celestix appliances is not affected by the Hearthbleed bug.
If you have any questions, you can write to us at globalsupport@celestix.com or call us at (510) 668-0700. We’re here to help.