Sticky Password Users Safe From The New OpenSSL CCS Injection Vulnerability (CVE-2014-0224)

Posted by Pavel Krčma on Jun. 12, 2014 in Passwords & Security

Just two months after the alarming Heartbleed Bug made headlines, a new OpenSSL vulnerability has been identified.

Labeled as CVE-2014-0224, the new vulnerability is a CCS injection vulnerability that makes it possible for attackers to read communication sent between a client and server. This is known as a ‘man-in-the-middle’ attack, because the attacker is intercepting traffic between the client (you) and the servers that you are communicating with.

While dangerous, the new vulnerability isn’t likely to be as far-reaching as Heartbleed was. Attackers need a man-in-the-middle position in order to intercept the data, and clients that do not use OpenSSL are not affected.

The most widely used browsers, including Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari, are safe from this vulnerability when used on a Windows or Apple operating system.

What does it mean for Sticky Password users?

The Sticky Password servers were updated with the fixes when they became available.

As a Sticky Password customer, your Master Password and your encrypted database are not at risk.

Only you know your Master Password and it is NEVER sent over the Internet. Also, your Sticky Password database is encrypted using the AES 256 encryption algorithm.

Your passwords and personal data are secure in the encrypted Sticky Password database. All data stored in your StickyAccount are secure.

As a reminder, always use a strong, unique password for each of your password-protected sites. This protects your other accounts if one of your favorite sites is ever hacked.