Product and Support News

Feb 15

Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw


Early this month, I reported a new OpenSSL vulnerability in one of my Daily Security Byte videos. At a high level, OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a "key recovery" attack. By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server's private key and decrypt its communications.

Many WatchGuard products weren't vulnerable to this flaw since we don't configure OpenSSL in the way necessary to expose the issue. However, our log collector, which is present in both WatchGuard System Manager (WSM) and Dimension™, was vulnerable to the flaw.

Dimension 2.0.1 Update 1 fixes this OpenSSL vulnerability (CVE-2016-0701). If you use Dimension™, especially if you expose its logging service publicly, you should download and install this Dimension™ update as soon as you can. Check the Release Notes for more details on what the update fixes and how to install it.

Finally, you can learn more about this vulnerability, and how it affects our products, in the Knowledge Base article dedicated to the flaw.

— Corey Nachreiner, CISSP (@SecAdept)
