Heartbleed

  • 2
  • Question
  • Updated 5 years ago
  • Answered
  • (Edited)
What is Sharefile's position in relation to the Heartbleed vulnerability?
Photo of Bill Stone

Bill Stone

  • 1 Post
  • 0 Reply Likes

Posted 5 years ago

  • 2
Photo of Ashlee Burch

Ashlee Burch

  • 676 Posts
  • 32 Reply Likes
Hi Bill,

Thank you for your inquiry. ShareFile, along with all of Citrix products are operational and there is nothing to report at this time. We are aware of the current news about vulnerabilities with OpenSSL and are continuously monitoring and running system analysis with the goal to protect our users’ data.  As is our practice, we will post any material status updates on status.sharefile.com.

Please feel free to contact us if you have any other questions and we will do our best to help you further.

(Edited)
Photo of Julian Alarcon

Julian Alarcon

  • 1 Post
  • 0 Reply Likes
Hi, we need more extended answers, are you using OpenSSL, which version, do we need (ShareFile customers) change passwords?
Photo of Steve Mason

Steve Mason

  • 2 Posts
  • 0 Reply Likes
Nothing to report? Sorry, we need a hard answer. Is Sharefile vulnerable to the openssl bug or not? Should be pretty easy (and important) to find out.

Photo of Patrick Chase

Patrick Chase

  • 2 Posts
  • 0 Reply Likes

As the earlier posters request, we need an update that mentions the level of vulnerability, not operability.

Photo of Ashlee Burch

Ashlee Burch

  • 676 Posts
  • 32 Reply Likes
Hi All,
We do understand your interest in this matter and I assure you that it is being addressed. Analysis of all Citrix products is in progress, details on these will be added to this link as soon as they are available. Please check this document regularly for updates. http://support.citrix.com/article/CTX140605 also, please continue to check status.sharefile.com for updates related directly to ShareFile.
Photo of jpcjersey

jpcjersey

  • 1 Post
  • 0 Reply Likes
NOT GOOD ENOUGH!!! - Citrix are supposed to be a company with security at its core, yet you can not confirm or deny if you have a vulnerability ??????
Photo of Steve Mason

Steve Mason

  • 2 Posts
  • 0 Reply Likes
Wow, I'm speechless. I expect more from Citrix.

Photo of Keith

Keith

  • 1 Post
  • 0 Reply Likes
Is there any update regarding this? This is important to client security and we are basically being told that this is being swept under the rug. Can we get ANY information about this? There could be quite simple answers. What is the backbone, Linux, Microsoft, what? Have you begun rolling Certificate Keys?
Photo of Justin Nuzum

Justin Nuzum, Official Rep

  • 25 Posts
  • 3 Reply Likes
All - Thank you for your patience. Our response can be found here -

https://community.sharefilesupport.com/citrixsharefile/topics/citrixs_response_to_heartbleed