Is Symantec Encryption Desktop vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

search cancel

Is Symantec Encryption Desktop vulnerable to the OpenSSL "Heartbleed" attack (CVE-2014-0160)?

book

Article ID: 159179

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Encryption Suite PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Only OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) are affected by the "Heartbleed" bug (CVE-2014-0160). Versions below 1.0.1 (such as 0.9.8) are not affected.

Resolution

Symantec Encryption Desktop, Symantec Drive Encryption, PGP Desktop, and PGP Whole Disk Encryption do not utilize openssl and therefore are not vulnerable to this attack.

Feedback

thumb_up Yes

thumb_down No