Is CryptoJS vulnerable to the OpenSSL Heartbleed bug?

We are using CryptoJS in our application. Since CryptoJS uses OpenSSL, are we vulnerable to the Heartbleed bug? If yes, what can we do to prevent it?

Answers


Since 'crypto.js' uses open SSL ,are we vulnerable to heartbleeding attack?

The heartbleed attack is connected to "handling of the Transport Layer Security (TLS) heartbeat extension".

So, heartbleed attack is possible only if crypto.js has TLS / SSL server or client; and you are using its as TLS / SSL server or client.

If you don't use TLS from it, (or if the library has no tls/ssl client as it looks like to be - can't find TLS in sources) - you are not vulnerable to heartbleed.

If yes,what can we do to prevent it?

Update your system's OpenSSL library; Check the servers and clients which are connecting to you for heartbleed vulnerability.


Need Your Help

Google Maps API: String URL Enconding

ios swift google-maps url swift3

I'm using the following code to search for a place:

Code for date formatting not executed but shown in output

php date mysqli

I've tried to fix this for the last 10 minutes without any luck.