Call a Specialist Today! 866-981-2998
Free Shipping! Free Shipping!

The Latest 2FA News
Product and Solution Information, Press Releases, Announcements

2FA, Inc. 2FA ONE Not Vulnerable to Heartbleed Bug
Posted: Wed Apr 09, 2014 01:53:45 PM

Austin, TX -- April 9, 2014 -- 2FA, Inc., a cybersecurity company focused on user authenticationand encryption, based in Austin, Texas, has announced that 2FA ONE deployments are notvulnerable to the OpenSSL Heartbleed bug that made widespread news on the Internet onApril 7, 2014.

2FA ONE does not depend on SSL libraries solely and takes security one step further byencrypting sensitive data before it is wrapped in SSL. This procedure protects passwords,PINs, etc, even if SSL should be compromised.

We do recommend that customers look at other web servers, websites, or other hostedapplications they may be using and verify that such areas are not compromised. Also, if asecond web application is running on the same machine as 2FA ONE Server and thatapplication uses an affected OpenSSL library, it is possible that the private key of thecertificate protecting the overall server may be compromised. As such, it would be wise torevoke such a certificate and issue a new one, once the other applications have beenpatched, says Shaun Cuttill, Chief Technical Officer.

All of our customers are protected from this particular vulnerability as far as 2FAs softwareis concerned. Each organization should take care to look at the rest of their applications andservers, as 2FA ONE does not inherently prevent servers running other software from beingvulnerable to this particular attack.

« Return to News List