In order to maintain their excellent reputation for secure software, Alt-N Technologies, developer of Exchange alternative MDaemon Messaging Server, continually perform rigorous testing across their portfolio of products, including both current and historic releases.
A new SSL vulnerability is doing the rounds this morning, known as POODLE, or Padding Oracle On Downgraded Legacy Encryption.
POODLE is a newly disclosed vulnerability in the legacy SSL 3.0 protocol that could be exposing users of newer Transport Layer Security (TLS) encryption protocols to risk.
If exploited, the POODLE flaw could potentially enable an attacker to access and read encrypted communications.
Alt-N Technologies (the developers of MDaemon and SecurityGateway) and MailStore have both confirmed the security flaw to OpenSSL, known as Heartbleed, does not impact any of their products.
However as IT professionals you may well be using other Open SSL internet facing services on your network so if you have any concerns, we recommend you take the time to run a quick scan by entering the site details using one of the following websites.
As a side note If you are interested in knowing even more detail about the SSL cipher versions your server supports this search is particularly detailed.
Research In Motion™ have just released an important security patch for the BlackBerry Enterprise Server platforms that could potentially affect MDaemon Messaging Server.
This patch addresses a vulnerability in BlackBerry Enterprise Server (BES) that process images and so only affects MDaemon installations that have the optional BES server installed.
If you’re an MDaemon customer running the BES component we recommend you follow the instructions in this knowledge base guide to be on the safe side.