Alternative Chains Certificate Forgery (CVE-2015-1793)
To all customers,
There is a new high-profile security incident in the news. Identity Automation takes security very seriously and we wanted to update our customers as to the status of our research into the vulnerability in order to minimize risk to your Identity Automation Software Appliances.
On June 24, 2015, the finding of a new "High Severity" openssl vulnerability was announced. The openssl team chose not to disclose details until they had the time to fix the issue and release new builds.
On July 9, 2015, the openssl team released the fixed versions of openssl. Their readme can be found here:
https://www.openssl.org/news/secadv/20150709.txt
Based on the information from this advisory, we have determined that none of our products should be affected due to the actual nature of the vulnerability. However, Identity Automation has proactively validated the openssl versions on our appliances, and found that none are using the vulnerable versions of openssl.
If you have any further questions about this vulnerability, please contact us at support@idauto.net.