Announcement

Collapse
No announcement yet.

Miva Empresa Security Bulletin

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Miva Empresa Security Bulletin

    You may or may not be aware that DigiNotar, a certificate authority, had their root CA key stolen and used to generate bad certificates. You can read about it on their Wikipedia page:http://en.wikipedia.org/wiki/DigiNotar

    The default certificates packaged with all Miva Empresa versions since 5.07 include the DigiNotar certificate, which makes us vulnerable to man in the middle attacks using their compromised certificates.


    We will be removing the certificates from future versions of Miva Empresa. In the interim you can fully protect yourself and your customers by deleting those certificates from the certs/ directory.


    The files that need to be removed are:

    Miva Empresa versions 5.11 through 5.15:

    raw/C060ED44CBD881BD0EF86C0BA287DDCF8167478C.pem
    openssl-0.9/c0cafbd2.0
    openssl-1.0/46f053f0.0


    Miva Empresa versions 5.07 through 5.10:

    c0cafbd2.0


    Once those files are removed from the Miva Empresa Certs Directory then your software is no longer vulnerable to this attack in any way.


    If you are an Annual Retail License customer who's hosted with Miva Merchant, Hostasaurus or SimpleNet, then we've already deleted these files from your Certs directory and no action is needed on your part
    .
    Thanks,

    Rick Wilson
    CEO
    Miva, Inc.
    [email protected]
    https://www.miva.com
Working...
X