OpenSSL and security: Should I change my password?

  • In the past few day, there has been considerable media attention about a vulnerability in OpenSSL software , called Heart Bleed . This enables information leakage and thus interception of communications, including any unauthorized access to passwords.
  • The University has been working to identify vulnerable services and secure these quickly. We are now continuing to the quality assurance stage of work. We have no reason to believe that your password has been compromised, BUT services that treat passwords have been exposed so we have no guarantees.
  • As of now there is no basis for mandatory password change, but those who want to change their password just in case, can do it at UiO password change service on https://brukerinfo.uio.no/account/password.php Students can also use the forgotten password service on https://brukerinfo.uio.no/forgotten/password/mobile.php The password change services are secure, so changing your password should be safe.
  • This information will be updated if we find any indication that we are affected to a greater extent and new measures must be taken.
  • Otherwise, we advise all UiO staff and students to be aware of messages from other services they use. If you are asked to change your password on those services, you should do so as soon as possible. We would still encourage you to be aware of false alerts to change your password. Please ensure that you use only legitimate services for password change.  
  • UiO CERT original message to the local IT can be found at: http://www.uio.no/tjenester/it/sikkerhet/cert/aktuelt/20140408-openssl.html
Published Apr. 10, 2014 12:00 PM - Last modified Jan. 9, 2019 10:14 AM
E-mail this page