Lieberman Software Corporation have announced that all of its products are secure from the OpenSSL Heartbleed bug.
“There is no use of OpenSSL in any Lieberman Software product, and therefore no vulnerability in our products to the Heartbleed bug,” said Chris Stoneff, Director of Professional Services at Lieberman Software. “Furthermore, because our products run exclusively on Microsoft Windows, our customers’ deployments benefit from the documented and vetted security standards of those platforms.”
The Heartbleed bug potentially exposes any public or private web service that uses OpenSSL. Heartbleed can cause a server to divulge the contents of its memory, including sensitive information such as passwords, usernames, credit card numbers, private keys, and more.
Lieberman Software’s enterprise security products make extensive use of encryption to safeguard data in transit and at rest. The company’s products run on Windows and use Microsoft technology for hosting. Microsoft does not use OpenSSL to encrypt data in transit.
Moreover, the Web Application components of Lieberman Software products use Microsoft Internet Information Services (IIS). IIS is not affected by the Heartbleed bug since it implements its own mechanisms for SSL/TLS.
Because Lieberman Software products and the required infrastructure do not use OpenSSL, customers can feel assured that the company’s products, including Enterprise Random Password Manager (ERPM), are secure from the Heartbleed vulnerability.
Lieberman Software does recommend, however, that anyone who has accessed other services that are secured by OpenSSL change all passwords immediately on those systems. Moreover, administrators should change all account passwords and service account passwords on any system – Linux, UNIX, Solaris, Windows running a third party OpenSSL based application, or network device that has utilized OpenSSL.
Additional recommendations include increasing the frequency of password changes with ERPM so that any compromised passwords will be randomized and therefore unknown to an attacker. High frequency password changes of privileged accounts can also reduce the value of any accounts with captured hashes in the Pass the Hash scenario.
Lieberman Software also advises taking part in a free Privileged Identity Management Risk Assessment. For more information please see www.liebsoft.com/risk.
About Lieberman Software Corporation
Lieberman Software provides award-winning privileged identity management products to more than 1200 enterprise customers worldwide, including nearly half of the Fortune 50. By automatically locating, securing and continuously auditing privileged accounts, both on-premises and in the cloud, Lieberman Software helps protect access to systems with sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged account management space, and its products, including Enterprise Random Password Manager (ERPM), continue to lead the market. Lieberman Software also provides a mature line of Windows security management tools. The company is headquartered in Los Angeles, CA, with offices and channel partners located around the world. For more information, visit www.liebsoft.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.