Does PRTG Use OpenSSL?

Votes:

0

Due to all the recent coverage of the Heartbleed vulnerability in OpenSSL, we are auditing all internal and external SSL/TLS systems, including PRTG. Does the embedded web server use the OpenSSL library for HTTPS encryption? If so, what version?

For a brief overview of the Heartbleed vulnerability, here is an article that discusses the issue: http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security

heartbleed https prtg security ssl tls

Created on Apr 9, 2014 3:15:06 PM



2 Replies

Accepted Answer

Votes:

0

Information about PRTG and the Heartbleed Leak

This article applies to PRTG Network Monitor 14 or later

Yes, PRTG does use OpenSSL but our Stable and Preview versions are not affected by the current bug.

Here is a link to the blog article that we wrote about this and I will post the information here again just in case anyone reads this article.

"Today various security advisories have been published about a serious security leak in the OpenSSL library called "Heartbleed Bug". This library is one of the most common libraries used for SSL encrypted connections on the planet. PRTG Network Monitor also uses this library for all SSL connections (ec-core, probe-core and core-core connections, https webserver and sensors, SNMP v3, etc.).

The good news is: The current stable version (14.x.9) and preview version (14.x.10) of PRTG (and older versions) use OpenSSL version 0.9.8f which is not affected by the leak. Only the current canary version of PRTG (14.x.11) which uses OpenSSL 1.0.1f is affected by the leak.

If you are using canary version 14.x.11 and have it connected to the internet, we advise you to disconnect it until an update is available.

We are working on a solution for Canary installations. We will update this blog article as soon as we know more about how we will proceed with the Canary version.

What versions of OpenSSL are affected?

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL 1.0.1g is NOT vulnerable

OpenSSL 1.0.0 branch is NOT vulnerable

OpenSSL 0.9.8 branch is NOT vulnerable

Under the following links, you'll find more detailed information about the Heartbleed Bug in OpenSSL:

Heartbleed.com

OpenSSL.org

Created on Apr 9, 2014 4:11:18 PM by  Greg Campion [Paessler Support]

Last change on Apr 9, 2014 4:16:53 PM by  Greg Campion [Paessler Support]
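
The affected-version list in the answer above, applied to OpenSSL version strings for an audit. This is an added example, not part of the original answer and not Paessler code; the function names and the inventory dictionary are assumptions, and treating 1.0.1 letter releases after g as fixed is an assumption that goes beyond the list on the page.

```python
import re

# Version token in strings such as "OpenSSL 1.0.1f 6 Jan 2014" or "0.9.8f".
# The lookahead rejects pre-release or vendor-suffixed builds ("-beta1", "-fips"):
# they are not in the page's list, so they are reported as unlisted for manual review.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)(?![\w.-])")

VULNERABLE = "vulnerable"
NOT_VULNERABLE = "not vulnerable"
UNLISTED = "unlisted"  # the page's list says nothing about this version


def heartbleed_status(banner: str) -> str:
    """Classify an OpenSSL version string against the list in the answer."""
    m = _VERSION_RE.search(banner)
    if not m:
        return UNLISTED
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)  # "" for the base release, e.g. plain 1.0.1
    if branch in ((0, 9, 8), (1, 0, 0)):
        return NOT_VULNERABLE  # whole branch listed as not vulnerable
    if branch == (1, 0, 1):
        # 1.0.1 through 1.0.1f inclusive are vulnerable; 1.0.1g is not.
        # Assumption: letter releases after g keep the fix.
        if letter == "" or (len(letter) == 1 and letter <= "f"):
            return VULNERABLE
        return NOT_VULNERABLE
    return UNLISTED


def audit(inventory: dict) -> dict:
    """Map each inventory entry to its status."""
    return {name: heartbleed_status(ver) for name, ver in inventory.items()}


# Constructed inventory: the PRTG release channels and OpenSSL versions
# named in the answer above.
PRTG_CHANNELS = {
    "stable 14.x.9": "OpenSSL 0.9.8f",
    "preview 14.x.10": "OpenSSL 0.9.8f",
    "canary 14.x.11": "OpenSSL 1.0.1f",
}

if __name__ == "__main__":
    for name, status in audit(PRTG_CHANNELS).items():
        print(f"{name}: {status}")
```

An "unlisted" result means the version string alone does not settle the question and the build needs a manual check.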



Votes:

0

Thanks for the quick answer on this. I missed the blog article in my searching here on the KB and in the press releases section. We are happy to know the version we are running is not affected!

Created on Apr 9, 2014 6:03:02 PM



