TIBCO Mashery API Developer Blog

OpenSSL Exploit - SSL/TLS MITM vulnerability (CVE-2014-0224)

OpenSSL has released a new exploit notification (CVE-2014-0224), and as with all such exploits, Mashery is working to identify and patch any systems that might be subject to this exploit.

Unlike the previous HeartBleed exploits, we believe this vulnerability did not expose any customer certificate or private key information to an attacker. Whereas, with HeartBleed, customers were required to rotate out their Certificates and generate them with new Private Keys, in this case there is no action needed on the part of Mashery Customers.

We will be providing updates as more information becomes available on this or other security related topics.

Please don't hesitate to contact us via support@mashery.com or via the self service portal (mashery.com/selfservice) should you have any further questions.

Best, Scott

================================
Scott Farnsworth
Director, Technical Services  |  Mashery, Inc.