Dear Partner,
As you probably notice, a vulnerability has been discovered into OpenSSL. OpenSSL is supposed to protect sensitive data as it travels back and forth. The bug is called "heartbleed" and it compromised the security for a lot of website worldwide.
Please find more details below: http://www.circl.lu/pub/tr-21/ http://www.us-cert.gov/ncas/alerts/TA14-098A http://heartbleed.com/ http://www.cvedetails.com/cve/CVE-2014-0160/
Here is a vulnerability test : http://filippo.io/Heartbleed/
As your partner MANGOPAY recommends to update as soon as possible:
- Openssl library.
- Apache with modssl, spdy.
- Nginx with OpenSSL mods.
- And don’t forget to restart your webserver app (apache restart or nginx) Microsoft products are not affected.
You should treat all private keys as completely compromised if your openssl library is vulnerable.
We hope this was helpful information for you and you could solve that asap. Best Regards, Your MANGOPAY Team