GeoTrust
is aware of the vulnerability, dubbed “Heartbleed”, which is a security concern
for users of OpenSSL, a widely-used opensource cryptographic software library.
It can allow attackers to read the memory of the systems using vulnerable
versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the
secret keys of vulnerable servers, which allows attackers to decrypt and
eavesdrop on SSL encrypted communications and impersonate service providers. In
addition, other data in memory may be disclosed, which conceivably could include
usernames and passwords of users or other data stored in server memory.
Merchants have expressed concern over recent media reports of a potential security risk found in OpenSSL called the "Heartbleed" flaw. (a.k.a CVE-2014-0160)
We at 3dcart would like our merchants to know that there is no danger to the security of your stores due to this open SSL flaw.
For the most part, the current flaw is found in older versions of OpenSSL found on certain Unix/Linux based server systems that have not been patched. Rest assured that the the vulnerability is not found on the servers operated by 3dcart.