SECURITY

Final status: Splunk and the Heartbleed vulnerability

Dear Splunk users,

We’re expecting this to be our final blog post about how we’re handling the Heartbleed OpenSSL vulnerability (CVE-2014-0160). For background, here are the previous installments from us:

http://blogs.splunk.com/2014/04/09/splunk-and-the-heartbleed-ssl-vulnerability/
http://blogs.splunk.com/2014/04/10/fix-now-available-splunk-and-the-heartbleed-vulnerability/

What’s been done, products and services

We’ve updated and secured our products and services as follows:·

What’s been done, online properties and 3rd-party vendors

We’ve reviewed and secured our major online properties by rekeying and obtaining new certificates. In addition, we have verified with our major vendors that they are not still vulnerable to Heartbleed. If they were vulnerable to Heartbleed, we have taken their recommended remediation actions.

It’s important to note that this is a client bug as well. We’re encouraging you to check your client systems for non-Splunk software that may use OpenSSL and update them as needed.

As a precaution, we’re also recommending that all our customers change their password using this link: https://www.splunk.com/page/update_my_account

Safe Splunking!

----------------------------------------------------
Thanks!
rachel perkins

Splunk
Posted by

Splunk

Join the Discussion