All Tectia Client and Server versions running on Windows (before version 6.4.19) are vulnerable.
I’m only running Tectia on UNIX, Linux or z/OS, does this affect me?
No, only Windows installations are vulnerable.
I’m using ConnectSecure, is it affected?
Yes. ConnectSecure running on Windows is vulnerable.
I’m using Universal SSH Key Manager, PrivX, Tectia Manager or CryptoAuditor, are they affected?
How likely is it that my system has been a target?
The exploit requires certain non-standard conditions, and that a malicious user is able to access the target system. This was disclosed to us responsibly by Etienne Côté from KPMG-Egyde <firstname.lastname@example.org>. We are not aware of any system having been a target of a malicious attack.
What do I need to do?
Please upgrade all Tectia Clients and Servers that are running under Windows to version 6.4.19.