Security gap in OpenSSL / Request for change of central password

As a precautionary measure to a world-wide security gap in SSL encryption technology IT Services are asking all users to change their central password.

Mid April 2014 a severe security gap in the encryption library OpenSSL has become known under the name "Heartbleed." Through this gap sensible information can be extracted from affected systems without much effort. Since OpenSSL is the by far most used library for encryption of data and since it secures diverse services such as e-mail or web, this security gap has affected many large systems and platforms that are used by universities.

IT Services has checked all centrally administered services. However, since attacks through the Heartbleed-gap do not leave traces in the affected systems, it cannot be verified whether the gap has been used to extract passwords or certificate data. Therefore we ask all users to change their university account password via https://myaccount.uni-freiburg.de.

More information can be found in our RZ-Wiki.

Your IT Services Team.