10 April

Fix Heartbleed vulnerability in Magento

Fix Heartbleed vulnerability in Magento

Heartbleed Bug becomes a top news this days. What is this?, it’s a  vulnerability discovered in the widely used OpenSSL cryptographic software library. Many web users that own servers use this software to secure their stores and transactions.
Although OpenSSL may not be directly used in Magento, it’s used on a lot of web servers where Magento runs on, providing security for connections and transmission of sensitive data. Summarizing, if your Magento website is properly configured, it’s very possbile that your checkout process utilizes OpenSSL library at some point.

 Heartbleed bug makes easy to steal information protected by the SSL/TLS encryption used to secure checkout process on, under normal circumstances, properly configured Magento store. It may sounds terrible, but the fix for this is quick and easy to accomplish.
Many hosting providers have upgraded OpenSSL library, therefore eliminating possible mining of the bug.
 Let’s go into how to check if your server is vulnerable of this:
There are couple online sites that can be used to check if your Magento site is affected by Heartbleed vulnerability: 

Now, how can i fix this?:

 Just upgrade your OpenSSL library, or ask your hosting provider to do so. If you’re managing your own server, perform an OpenSSL update with:
Don’t forget to restart ALL your services that use openSSL [httpd, webmin, etc.]
Unfortunately, there’s no way to know if your store has been affected by this bug, however is a very good idea to change all your relevant passwords and update your SSL keys
Back to Top