Is EventSentry affected by the Heartbleed vulnerability?

Article ID: 256
Category: Security
Applies to: 2.93.x to
Updated: 2014-04-22

By default, EventSentry is not affected by the Heartbleed unless SSL is enabled on the built-in PostgreSQL database.

See below for a list of all EventSentry components:

  • EventSentry Agent: Does not use OpenSSL, not vulnerable
  • EventSentry Heartbeat Agent: Does not use OpenSSL, not vulnerable
  • EventSentry Network Services: Does not use OpenSSL, not vulnerable
  • EventSentry Web Reports: Use JSSE (Java Secure Sockets Extension), not OpenSSL
  • Built-In PostgreSQL Database: Uses OpenSSL, potentially vulnerable - resolved in build

Web Reports
The EventSentry Web Reports utilize Tomcat, which uses JSSE and not OpenSSL by default. If Tomcat was reconfigured to use OpenSSL instead of JSSE, then the web reports will be vulnerable (assuming that SSL was enabled).

PostgreSQL Database
If SSL is enabled in the PostgreSQL database, SSL traffic can be compromised and EventSentry should be updated to the latest version (v3.0.1.78 or higher). For maximum security, the certificate used with PostgreSQL should be re-generated.

If a certificate used in the EventSentry Web Reports was also used in a vulnerable OpenSSL application (e.g. PostgreSQL, Apache, ...), then the certificates should be re-generated even though the Web Reports themselves are not vulnerable.