-
Title
Expert Assist Remote Mgmt client in DA 9.1 is vulnerable to the “Heartbleed” OpenSSL vulnerability -
Description
Expert Assist Remote Management client in Desktop Authority 9.1 is vulnerable to the “Heartbleed” OpenSSL vulnerability
Researchers have found a critical defect in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library.
-
Cause
For information on the vulnerability known as the "Heartbleed bug," see CVE-2014-0160 on the NIST website and heartbleed.com. An affected version, OpenSSL 1.0.1c is used in the ExpertAssist remote management client. -
Resolution
How does this affect Desktop Authority?
The ExpertAssist remote management client uses a vulnerable version of OpenSSL when receiving inbound remote management connections. The Desktop Authority 9.1 management console is not affected.Workaround
ExpertAssist operates almost exclusively in LAN environments and is usually not Internet facing. The exact vulnerability is determined by your environment. Concerned customers should uninstall the ExpertAssist client via the Desktop Authority management console. A patch for Desktop Authority 9.1 will be available shortly.Status
Sol. 123934 Desktop Authority Remote Management (EA) Hotfix for “Heartbleed” OpenSSL vulnerability
An ExpertAssist patch for Desktop Authority 9.1 was released on Monday, April 21. It can be downloaded from: