Welcome, Guest Login

Support Center

OpenSSL HeartBleed Vulnerability Update

Last Updated: Apr 02, 2015 03:30AM PDT

On April 7, the OpenSSL Project released an update to address a vulnerability nicknamed “Heartbleed”.  The vulnerability affects a substantial number of applications and services running on the Internet.

 
Custom Domain Communities SSL

Communities that have been configured with a custom domain are not affected by this issue as these servers did not have a version of SSL that was affected by the Heartbleed issue. 


Communities with SSL

We have worked with our infrastructure provider to update OpenSSL on all our SSL endpoints. However, since this vulnerability made it possible for an attacker to compromise a private key for an extended period of time, for those customers that have their SSL certificates hosted with us, we strongly suggest that customers create a new SSL private key and SSL certificate and upload it to our system. 


Communities with SSO (Single Sign-on Enabled)

If you community has SSO enabled, the community itself is not affected. However, please ensure that the authentication endpoint you have configured is not vulnerable (i.e., the server you're logging in to).

 
Your IdeaScale Password

We encourage all IdeaScale users to reset their IdeaScale account passwords. We do not have any evidence that passwords have been compromised, but any time a large scale vulnerability is discovered, the safest thing to do for your account is to rotate your IdeaScale login credentials. ​

In addition, any sessions that were open at 11:00 PM PST on April 9, 2014 were closed and required re-authentication. This included IdeaScale sessions and Support Center sessions using the Private Portal. The process will occurred between 11:00 PM PT and 12:00 AM PT. 
 
 ​
IdeaScale Certificates

Since this attack could have potentially exposed our own certificates, as a precaution, we've revoked our old certificates and obtained new ones for IdeaScale properties.

Contact Us

support@ideascale.com
http://assets0.desk.com/
false
ideascale
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete