Information about PRTG and the Heartbleed Leak
This article applies to PRTG Network Monitor 14 or later
Yes, PRTG does use OpenSSL but our Stable and Preview versions are not affected by the current bug.
Here is a link to the blog article that we wrote about this and I will post the information here again just in case anyone reads this article.
"Today various security advisories have been published about a serious security leak in the OpenSSL library called "Heartbleed Bug". This library is one of the most common libraries used for SSL encrypted connections on the planet. PRTG Network Monitor also uses this library for all SSL connections (ec-core, probe-core and core-core connections, https webserver and sensors, SNMP v3, etc.).
The good news is: The current stable version (14.x.9) and preview version (14.x.10) of PRTG (and older versions) use OpenSSL version 0.9.8f which is not affected by the leak. Only the current canary version of PRTG (14.x.11) which uses OpenSSL 1.0.1f is affected by the leak.
If you are using canary version 14.x.11 and have it connected to the internet, we advise you to disconnect it until an update is available.
We are working on a solution for Canary installations. We will update this blog article as soon we know more about how we will proceed with the Canary version.
What versions of OpenSSL are affected?
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Under the following links, you'll find more detailed information about the Heartbleed Bug in OpenSSL: