A serious security vulnerability was recently discovered in the very popular Open Source cryptographic software engine named OpenSSL. This vulnerability, The Heartbleed Bug, could allow an attacker to access the memory of an OpenSSL-based application, extract data, and potentially decrypt and access sensitive information from the system.
Heartbleed, introduced into the OpenSSL 1.0 source branch in December 2011, has an official Common Vulnerabilities and Exposure (CVE) code of CVE-2014-0160.
SRT’s products are not vulnerable to the security risk, but we do have a vested interest in these sorts of breaches. As not only a provider of security software, but also a consumer of it, we realize the trust consumers must place in the vendors of their products. We value the trust our customers have in our company and our products.
We offer SSL in all of our popular Windows products, including WebDrive, Titan FTP Server, and Cornerstone MFT Server. Since late 2009, we have used Microsoft’s Cryptographic engine, which ships natively with the OS for all SSL-based operations in our software. Therefore, the Heartbleed vulnerability doesn’t apply to our software.
Prior to 2010, SRT’s Titan FTP Server and WebDrive for Windows products were based on an older, non-vulnerable OpenSSL 0.9.8 branch of the source code. This branch pre-dates the vulnerability’s injection into the OpenSSL v1.0 source branch and therefore does not contain the bug.
While we can make every assurance that our products do not leverage OpenSSL, we want you, the customer, to be certain. Therefore, we are offering a complimentary upgrade to any SRT customer who still has an older version of WebDrive or Titan FTP Server released prior to January 2010. This would include all editions of Titan FTP Server v7 and earlier, and WebDrive for Windows v9 and earlier. This offer will be available until May 31, 2014.
If you are currently using any of these products and would like a complimentary upgrade to the latest releases, including an additional 12 months of technical support, please contact our main offices at 443.603.0290 or email us at email@example.com.
We value the confidence placed in our company and our products and look forward to continuing to provide the best secure file transfer software possible.
South River Technologies, Inc.