AppSense Products and the "Heartbleed" SSL Vulnerability
*This blog post was published prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
As has been widely reported, a major security vulnerability has been discovered in the OpenSSL cryptographic library that is widely used to secure Internet-based communication. The vulnerability, dubbed "Heartbleed," has already been used to compromise a large number of the security keys, user names, and passwords used to establish trust on the Internet.
AppSense customers rely on our products to transmit sensitive corporate information between end-user computing devices and your secure data centers. Upon learning of the "Heartbleed" vulnerability, the AppSense development team moved rapidly to assess any potential impact to AppSense and its customers.
Here is a summary of our findings and actions:
DesktopNow: Not Affected
The server infrastructure of our DesktopNow product suite utilizes the Internet Information Server (IIS) role in the Windows Server platform for Internet-based communication. OpenSSL libraries are not part of DesktopNow’s architecture, and therefore DesktopNow is not affected by the Heartbleed vulnerability in any way.
DataNow: Not Affected
The DataNow virtual appliance brokers access to on-premises storage locations, and we are pleased to report that the SSL implementation used in all versions of the DataNow virtual appliance is not vulnerable to the "Heartbleed” attack.
We will continue to monitor the situation closely and update the DataNow appliance's SSL software in accordance with best practices. In the meantime, however, the integrity of communication between the DataNow appliance and client software is not compromised in any way.
MobileNow: Corrective Measures Taken
The cloud-hosted infrastructure for MobileNow also utilizes Linux and OpenSSL. Our development team moved quickly to eliminate the vulnerability by:
- Updating the version of OpenSSL being used.
- Replacing existing certificates.
These changes require no action by MobileNow administrators and will be transparent to all MobileNow end users.
Note: If you use third party load balancing network appliances or servers, or SSL offload gateways, in conjunction with any AppSense product, you should check with the vendor of those devices to ensure they are not affected by the Heartbleed vulnerability.
We realize that security vulnerabilities of this magnitude are a major concern to enterprise IT organizations. We hope that by communicating and acting quickly, we are aiding your assessment and recovery efforts.
Note: Updated April 9th with minor wording changes.
If you have any questions about this, or any other topic, please feel free to contact our technical support team at:
USA, South America and Canada: 1- 866-APPSENSE (27773673)
UK: +44 (0) 845 839 9075+44 (0) 845 839 9075
Germany, Austria and Switzerland: 0800 0007 2900800 0007 290
Australasia: 1 800 631 386
Worldwide: +44 (0) 845 839 907
As always, we're available 24x7 to assist you.