The Heartbleed Vulnerability: an update for SailPoint IdentityNow customers

Version 1

    At SailPoint we have been closely monitoring the developments around the Heartbleed vulnerability and analyzing any implications for our customers. Heartbleed is a recently publicized vulnerability that can be used to steal user credentials by exploiting web sites using the OpenSSLsoftware library to provide SSL/TLS encryption. For the latest information on this exploit, see the Heartbleed Bug information page at http://heartbleed.com/.  This site is not affiliated with SailPoint, but provides information about the vulnerability.

     

    IdentityNow does use OpenSSL. However, your IdentityNow password and passwords stored within IdentityNow for Single sign-on were not vulnerable to Heartbleed due to the security precautions designed into the IdentityNow service. IdentityNow encrypts passwords at the browser before transmitting them via SSL. This means that user passwords would have been protected even if a hacker had exploited this vulnerability.  While we’re confident that our approach has protected your passwords, we have also installed the required updates on our servers and regenerated all SSL keys to eliminate any threat from this exploit.

     

    If you have questions concerning IdentityNow and the Heartbleed vulnerability, please contact SailPoint technical support.