Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Heartbleed" page has been changed by SebastianBazley: https://wiki.apache.org/tomcat/Security/Heartbleed?action=diff&rev1=5&rev2=6

Comment: Mention wild-card certificates

== Is there anything else I need to do? == + Yes: you need to change any password that ever traversed any HTTP server that was using the potentially compromised certificate. If the certificate was a wildcard certificate, then a single vulnerable server would be sufficient to compromise the certificate and thus the traffic on all other servers using the same certificate. + - Yes: you need to change any password that ever traversed your HTTP server while vulnerable. That pretty much means you have to change all passwords, and notify your users that they should change all their passwords as well. Unfortunately, any other sensitive information that traversed your server should be consider compromised. In many cases, there is nothing to be done unless that information can be changed (credit card numbers, account numbers, passwords etc.). + That pretty much means you have to change all passwords, and notify your users that they should change all their passwords as well. Unfortunately, any other sensitive information that traversed your server should be consider compromised. In many cases, there is nothing to be done unless that information can be changed (credit card numbers, account numbers, passwords etc.). == What about servers for services that I use personally? ==
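Review bot: In the added first paragraph, "compromise the certificate" should name the private key, since the certificate itself is public and it is the key behind it that a vulnerable server exposes; suggest "would be sufficient to compromise the private key and thus the traffic on all other servers using the same certificate". The rewrite also drops the removed line's "while vulnerable" qualifier, so "any password that ever traversed any HTTP server that was using the potentially compromised certificate" no longer says which period is affected; consider keeping a time bound such as "while any server sharing that certificate was vulnerable". The re-added second paragraph carries over the typo "should be consider compromised" (should be "considered"), and because it now opens with "That pretty much means" directly after the wildcard sentence, the referent of "That" is less clear than before the split.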