MeetFighters News
Heartbleed
Heartbleed (aka CVE-2014-0160) is a security vulnerability in some versions of the open-source OpenSSL cryptography library. This news post is disclosure of MeetFighters' vulnerability to this exploit.
MeetFighters had a vulnerable version of OpenSSL at the time when the exploit was publicized. :( We have replaced the vulnerable version of OpenSSL with a fixed version the next day.
- Who is affected?
- Anyone logging in to MeetFighters with https (https://www.meetfighters.com/ instead of http://www.meetfighters.com/).
- Was any information stolen?
- Unknown, Heartbleed is untraceable. We do not see any suspicious activity, but cannot be sure that no information was stolen.
- What do I do?
- Change your password if you have been using https to access MeetFighters. Also change your password if you use the same password on another site that was/is vulnerable to Heartbleed.
Admin
Hozzászólások
0