Yubico Forum

My "HeartBleed"s
Page 1 of 1

Author:  Adrius42 [ Thu Apr 10, 2014 9:05 am ]
Post subject:  My "HeartBleed"s

What if anything should be done to counter the implications of the HeartBleed OpenSSL Vulnerability on the security of our use of Yubikeys in our Organisation?

What are the potential compromises?
What should be done to regain security?

Author:  Tom [ Thu Apr 10, 2014 10:45 am ]
Post subject:  Re: My "HeartBleed"s

All our services have been patched plus:
http://status.yubico.com/2014/04/10/yub ... eartbleed/

Author:  vinaur [ Fri Apr 11, 2014 6:29 pm ]
Post subject:  Re: My "HeartBleed"s

Have the SSL certificates been re-issued for all affected services?

Also, was there any chance of the private keys for the Yubikey getting compromised?

Edit: I mean the private keys stored on Yubico's servers used to decrypt the OTP.

Author:  Tom [ Mon Apr 14, 2014 7:42 am ]
Post subject:  Re: My "HeartBleed"s


Everything was re-keyd

Because of how the YubiCloud works no secrets are ever exposed to such kind of threats (read documentation)

No action is required from Yubico's users side.

Author:  DingoDaddy [ Fri Apr 25, 2014 1:50 pm ]
Post subject:  Re: My "HeartBleed"s

Given what a big deal HeartBleed is I'm surprised the post you link to has not been updated with the confirmation that certificates were reissued but that there is no need for YubiKey user action.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group