OpenSSL Heartbleed Bug Vulnerability

Originally published on April 07, 2014 by Dirk Paessler
Last updated on March 03, 2022

Today, various security advisories have been published about a serious security leak in the OpenSSL library, called the "Heartbleed Bug". OpenSSL is one of the most common libraries used for SSL-encrypted connections on the planet. PRTG Network Monitor also uses this library for all SSL connections (ec-core, probe-core and core-core connections, HTTPS web server and sensors, SNMP v3, etc.).

The good news is: The current stable version (14.x.9) and preview version (14.x.10) of PRTG (and older versions) use OpenSSL version 0.9.8f, which is not affected by the leak. Only the current canary version of PRTG (14.x.11), which uses OpenSSL 1.0.1f, is affected by the leak.

If you are using canary version 14.x.11 and have it connected to the internet, we advise you to disconnect it and download the newest canary release (update from April 11th, 2014). It uses a new DLL with a version of OpenSSL that is not vulnerable. The canary release is safe now!

What versions of OpenSSL are affected?

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
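
An added example (not part of the original advisory and not PRTG code): a Python check that applies the version list above to OpenSSL version banners gathered from an inventory. The host names and banner strings are constructed samples, and 1.0.1 letters after g are assumed to carry the 1.0.1g fix.

```python
import re

# Version token in strings like "OpenSSL 1.0.1f 6 Jan 2014" or a bare "1.0.1f":
# three numeric fields, an optional patch letter, an optional "-fips" build tag.
# Pre-release tags such as "-beta1" do not match and are reported as unknown.
_VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-fips)?(?![\w.-])")


def classify_openssl(banner):
    """Return 'vulnerable', 'not vulnerable' or 'unknown' for a version string."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letter = m.group(4)
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f inclusive; "" sorts before "a".
        # Letters after g are assumed to carry the 1.0.1g fix.
        return "vulnerable" if letter <= "f" else "not vulnerable"
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    return "unknown"  # branch not covered by the list above


def vulnerable_hosts(inventory):
    """Return the sorted host names whose banner falls in the vulnerable range."""
    return sorted(h for h, b in inventory.items() if classify_openssl(b) == "vulnerable")


# Constructed sample inventory (host names are placeholders).
SAMPLE_INVENTORY = {
    "prtg-stable": "OpenSSL 0.9.8f 11 Oct 2007",
    "prtg-canary": "OpenSSL 1.0.1f 6 Jan 2014",
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy-01": "OpenSSL 1.0.0l 6 Jan 2014",
    "lab-01": "OpenSSL 1.0.1-beta1",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:12} {classify_openssl(banner):15} {banner}")
    print("patch first:", vulnerable_hosts(SAMPLE_INVENTORY))
```

A banner only shows the upstream version string; distributions that backport fixes keep the old letter, so confirm a "vulnerable" result against the vendor's package changelog.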

Please note:

  • The stable and preview versions of PRTG were never affected by the Heartbleed Bug. You don't have to request new certificates for your instances.
  • Also, our shop/CRM servers were never affected. Customers and partners don't need to change their passwords!

Under the following links, you'll find more detailed information about the Heartbleed Bug in OpenSSL: