Security vulnerability in OpenSSL 1.0.1 and neXus Hybrid Access Gateway 5.2

Today a very serious security issue was reported from the OpenSSL team. OpenSSL 1.0.1 is the engine neXus Hybrid Access Gateway 5.2 uses to secure HTTPS traffic. The issue, called Heartbleed, enables an attacker to read memory from the server and it’s possible to extract important information and also key material from the server.

neXus Hybrid Access Gateway 5.0, 5.1 and PortWise Access Manager and PortWise Authentication Server uses OpenSSL 0.9 or 1.0.0a and is not affected by the Heartbleed attack. 

If you run neXus Hybrid Access Gateway 5.2.0 or 5.2.1 you must change and revoke your SSL certificates and update your system with neXus Hybrid Access Gateway 5.2.2. We will send out new information as soon as neXus Hybrid Access Gateway 5.2.2 is available for download.

Official documentation can be found here https://www.openssl.org/news/secadv_20140407.txt

More details about the attack can be found on http://heartbleed.com/

Contact neXus support if you have any further questions or need help with your system.