Response to the OpenSSL (Heartbleed) Vulnerability
Last Updated: April 11, 2014
The CA Technologies Product Vulnerability Response Team has reviewed our product portfolio and confirmed that this product does NOT utilize a vulnerable version of OpenSSL 1.0.1 ("Heartbleed").
No version of Directory uses a version of a cryptographic library that is vulnerable to CVS-2014-0160 (aka 'Heartbleed'). This includes running CA Directory in FIPs compliant mode which enables the RSA Bsafe™ libraries.
CA Directory uses the CAPKI cryptographic library. The version of OpenSSL used is 0.9.8h and is not affected by this vulnerability.