Security: Heartbleed bug Update in Zoom App

Heartbleed Bug update in zoom app is a serious vulnerability of the famous OpenSSL cryptographic software library. This weakness makes it possible to steal information protected under normal conditions by means of SSL / TLS encryption used to protect the Internet. SSL / TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs).

 

Which version of OpenSSL will be affected?

Status of each version:

・ OpenSSL 1.0.1 to 1.0.1f (including both ends) vulnerability
・ OpenSSL 1.0.1g is not vulnerable
・ OpenSSL 1.0.0 branch is not vulnerable
・ OpenSSL 0.9.8 branch is vulnerable Not

A bug was introduced in OpenSSL in December 2011, and since OpenSSL Release 1.0.1 was released on March 14, 2012, it has been released to the public. OpenSSL 1.0.1g released on April 7, 2014 fixes a bug.

 

How does this affect the Zoom client/app?

  • The Zoom client uses OpenSSL 1.0.0 and is not vulnerable.

 

How does this affect the Zoom cloud?

  • The Zoom application server running on the Zoom cloud uses OpenSSL 1.0.0 and is not vulnerable.
  • Regenerate the secret key *. The new zoom.us certificate has been deployed to AWS ELB.
  • Re-enter the API key and passed all 3rd party service integration.

 

How does this affect the password?

There have been no cases where user data or credentials have been compromised.