We tend to agree. There's no presence of the magic string 'HEARTBEAT' in these OpenSSL libraries either. However, they could have been compiled with -DOPENSSL_NO_ERR defined, which would've excluded the error strings.
Regardless, we will continue to monitor for updates from HP.
Thanks for the research and feedback.
↧
Re: Is HP Data Protector 6.2 using vulnerable OpenSSL Heartbleed libraries?
↧