To help personalise content, tailor your experience and help us improve our services, Bisinfotech.com uses cookies.
By navigating our site, you agree to allow us to use cookies, in accordance with our Privacy Policy.

Array Networks Products are intact from OpenSSL DROWN Vulnerability

Array Networks

Array Networks announces that its Array Networks products are NOT exposed to the DROWN vulnerability. As described on the DROWN Attack Website, DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.

Unlike hardware and software vendors that have integrated OpenSSL into their core product and service offerings or rely on SSLv2, Array is unaffected because the company is known to use a proprietary SSL stack to process SSL, TLS and DTLS service traffic. Array also does not permit the use of the weak SSLv2 protocol.

Array products – including APV, vAPV, AG, vxAG and even end-of-sale TMX and SPX products – use a proprietary SSL stack to process all SSL, TLS and DTLS service traffic. Therefore, service traffic on Array products is unaffected by the OpenSSL DROWN vulnerability. Further, because the use of SSLv2 is not allowed, the impact of the latest OpenSSL vulnerability is fully mitigated

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

“As a leader in application delivery, we are happy to report that Array is not affected by the DROWN vulnerability,” said Michael ZhaoPresident and CEO of Array Networks. “The time and attention we pay to creating our own implementations not only deliver superior performance, scalability and economics for customers that transact business on the Web, it also ensures that customers are not exposed to vulnerabilities that so often arise from use of open technologies.”

Customers using Array application delivery solutions do not need to take any measures to patch or remediate the company’s products. Moreover, companies offloading SSL on Array appliances benefit from a “first line of defense” that mitigates exposure to the DROWN vulnerability in the event that other elements in the network are affected.

Additionally, the company also claims to be unaffected by other recent vulnerabilities including Heartbleed, BASH and a number of other OpenSSL and general security advisories.

Tags
Show More

BiS Team

BIS Infotech is a vivid one stop online source protracting all the exclusive affairs of the Consumer and Business Technology. We have well accomplished on delivering expert views, reviews, and stories empowering millions with impartial and nonpareil opinions. Technology has become an inexorable part of our daily lifestyle and with BIS Infotech expertise, millions of intriguers everyday are finding for itself a crony hangout zone.

Related Articles