Elucidat's Statement Regarding the Recently Disclosed OpenSSL Vulnerabilities

What is OpenSSL?

OpenSSL is an open-source library that implements SSL and TLS encryption. It is a component running in the background that makes sure that, when you see “https” in an address in your browser, the connection is secure.

It is commonly used to generate or manipulate certificates for websites and internally for applications such as Elucidat.

 

What has been announced regarding OpenSSL vulnerabilities?

Often when a security vulnerability is found in widely used software, a CVE (short for Common Vulnerabilities and Exposures) is made publicly available.

On the 1st November 2022, two CVEs were announced regarding the popular software security component OpenSSL:

CVE-2022-3602

CVE-2022-3786

Whilst both potentially allow code to be executed remotely on the server that OpenSSL is running on, they are in reality very hard to exploit.

In addition, they affect only a small subset of OpenSSL releases, namely versions 3.0.0 through to 3.0.6, which have not seen widespread adoption.

 

Is Elucidat affected?

No. Elucidat are currently using the 1.1.1 version of OpenSSL, which is unaffected by the two CVEs and still supported by OpenSSL for another year. As such, Elucidat is not affected by these security announcements.

In the meantime, if you have any specific questions or concerns, please feel free to contact us at support@elucidat.com.

 
