Back to the list

OpenSSL: "Heartbleed" vulnerability

Tuesday 15 April 2014 18:00:00

Information about the actions taken by Afnic

We were informed on April 8th of a serious vulnerability in the structure of the software OpenSSL, mediatized since a few days under the name of "Heartbleed" vulnerability. Our teams started immediately a safety audit of our whole infrastructure and your data.

It seems that there is no major risk on our essential services such as EPP and extranet. We nevertheless proceeded to the recommended software updates and also noticed that a secondary online service of one of our sites and a network equipment were able to be exposed to this issue and might lead to a risk of compromised certificates. That is why we are proceeding to the replacement of these certificates.

We consider that the risk of data breach regarding EPP and extranet connections remains very low and we take this opportunity to remind you the best practice which consist in changing regularly your passwords. Furthermore, if you use your Afnic's password with other providers, we encourage you to inform you and to remain watchful as for the possible requests which you could receive in the next days related to the issue.

We thank you for your understanding.

 

Lire cette ressource en français Top of the page

About AFNIC

Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.
In addition to managing French TLDs, Afnic's role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, donates 90% of its profits to its Foundation for Digital Solidarity. Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.
Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has 80 employees.