Heartbleed (aka CVE-2014-0160) is a security vulnerability in some versions of the open-source OpenSSL cryptography library. This news post is disclosure of MeetFighters' vulnerability to this exploit.

MeetFighters had a vulnerable version of OpenSSL at the time when the exploit was publicized. :( We have replaced the vulnerable version of OpenSSL with a fixed version the next day.

Who is affected?
Anyone logging in to MeetFighters with https (https://www.meetfighters.com/ instead of http://www.meetfighters.com/).
Was any information stolen?
Unknown, Heartbleed is untraceable. We do not see any suspicious activity, but cannot be sure that no information was stolen.
What do I do?
Change your password if you have been using https to access MeetFighters. Also change your password if you use the same password on another site that was/is vulnerable to Heartbleed.

Admin

Translate
Last edited on 14/4/2014 09:13 by Admin
PermaLink

Comments

0