Product and Support News

Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw

Early this month, I reported a new OpenSSL vulnerability in one of my Daily Security Byte videos. At a high level, OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a "key recovery" attack. By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server's private key and decrypt its communications.

Many WatchGuard products weren't vulnerable to this flaw, since we don't configure OpenSSL in the way necessary to expose the issue. However, our log collector, which is present in both WatchGuard System Manager (WSM) and Dimension™, was vulnerable to the flaw.

Dimension 2.0.1 Update 1 fixes this OpenSSL vulnerability (CVE-2016-0701). If you use Dimension™, especially if you expose its logging service publicly, you should download and install this Dimension™ update as soon as you can. Check the Release Notes for more details on what the update fixes, and how to install it.

Finally, you can learn more about this vulnerability, and how it affects our products, in the Knowledge Base article dedicated to the flaw.

— Corey Nachreiner, CISSP (@SecAdept)
