Alpha Developers Network

Guest


Author Topic: OpenSSL DROWN Vulnerability fix  (Read 450 times)

0 Members and 1 Guest are viewing this topic.

Steve Wood

  • Administrator
  • Expert
  • *****
  • Posts: 706
  • Karma: +11/-0
    • AlphaToGo
  • Real Name: Steve Wood
OpenSSL DROWN Vulnerability fix
« on: March 22, 2016, 03:20:15 AM »
From Alpha Software: "All versions of Alpha Five and Alpha Anywhere released prior to March 3, 2016 are affected as they use an OpenSSL release with the vulnerabilities discussed in the security advisory."

You can only apply this fix for Alpha Five V11 or later. Previous versions cannot be patched.

Solution is to upload the two attached files and copy them to your Alpha Five/Alpha Anywhere web server installation folder, then restart the machine. You will have to stop the Alpha server in order to overwrite the files.

Test your site here before and after: https://test.drownattack.com

Or test using this utility: https://pentest-tools.com/network-vulnerability-scanning/drown-ssl-scanner

**Backup your original files and do this at your own risk.
« Last Edit: October 29, 2016, 12:22:15 PM by Steve Wood »
---
Steve Wood
www.alphatogo.com

harrison4411

  • Guest
Re: OpenSSL DROWN Vulnerability fix
« Reply #1 on: March 23, 2016, 07:28:20 AM »
Thanks for the files.  I have v11 and no subscription. The install was easy and all works.