Posted: May 1, 2014
The VanDyke ClientPack is not affected by the Heartbleed vulnerability. Regardless of platform and version, the VanDyke ClientPack does not provide SSL/TLS connectivity.
SecureCRT is not affected by the Heartbleed vulnerability. SecureCRT for Windows provides TLS/SSL connectivity (Telnet over SSL protocol), but it does not use any OpenSSL libraries. SecureCRT for supported UNIX platforms does not provide support for Telnet over SSL protocol.
SecureFX on the Windows platform is not affected by the Heartbleed vulnerability. SecureFX for Windows provides TLS/SSL connectivity, but it does not use any OpenSSL libraries.
SecureFX for supported Mac/Linux platforms uses OpenSSL for FTPS protocol support and may be vulnerable to the Heartbleed vulnerability:
In addition to upgrading SecureFX or OpenSSL on vulnerable systems, it is recommended that any SSL certificates, including associated private keys, used by SecureFX be replaced and user passwords should be changed.
|Operating System||OpenSSL Version||Linked||Vulnerable?||Action|
|Ubuntu and RHEL||1.0.1||Dynamic||Possible||Upgrade OpenSSL on OS to a non-vulnerable version|
|Mac OS X||1.0.1||Static|
(SecureFX 7.2.0 through 7.2.3 only)
|Yes||Upgrade to SecureFX 7.2.4 or later|
CERT published an advisory on this vulnerability on April 7, 2014.
CODENOMICON published an advisory on this vulnerability on April 15, 2014.