April 10, 2014
This is an update regarding the widespread OpenSSL “Heartbleed” vulnerability being experienced by millions of secure websites around the world. Additional information regarding the bug can be found at http://heartbleed.com/.
Although this issue is not specific to Desire2Learn software, our team is currently in the final stages of assessing which Desire2Learn product offerings may be impacted. We expect to have this assessment completed by Friday, as part of the plan outlined in our previous communication.
The majority of Desire2Learn’s services do not use the vulnerable versions of OpenSSL. Preliminary assessment has shown the following results:
· Desire2Learn Insights™
· Desire2Learn Capture
· Desire2Learn ePortfolio
· Holding Tank
· IPSCT (Collaborate, Adobe Connect, WebEx)
· IPSIS – LIS
· Desire2Learn Learning Environment
· Desire2Learn LeaP
· Desire2Learn Learning Repository -> SOLR
· Mobile Products
· Video Note™
· Binder™ Distributed Logout Services
· Binder Shop
· IPAS (Shibboleth®)
Shibboleth, a third-party application used for Single Sign-On integration, has been identified as susceptible to this vulnerability and remediation plans are currently under development. Several of our vendors are also continuing to assess the “Heartbleed” vulnerability with respect to their own product offerings. We’re continuing an ongoing dialogue with them to determine if there are any potential issues. Simultaneously, we are also working to ensure our IT infrastructure is free of the vulnerability.
Although there have been no indications that any of our clients’ information was compromised as a result of the vulnerability, we believe it prudent to re-key certificates once our team is satisfied there are no vulnerable versions of OpenSSL in our environment. Along with re-keying of certificates we will also strongly recommend the implementation of password changes, which—depending on the configuration of certain integrations—may require intervention by the client.
We will provide an additional progress update early next week. In the meantime, please continue to refer to the support portal for more information.
Vice President, SaaS, Services & Support