The Network Operations, Engineering, and Security teams at Blue Jeans Network, Inc. have been working diligently to assess the impact on our infrastructure in the wake of April 7 2014 disclosure of CVE-2014-0160, known the as Heartbleed vulnerability in the popular OpenSSL software. Nearly two-thirds (66%) of service providers on the Internet responded to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response.
After our investigation, we have confirmed that the front-end of our primary web application/service "https://bluejeans.com/" was not susceptible to this vulnerability and there is no evidence that any Blue Jeans keys, user credentials or account credentials were compromised.
With that said, there are some portions of our SIP infrastructure that do utilize the OpenSSL libraries and we have completed an upgrade of those libraries on all vulnerable servers to a version that incorporates the fix for the vulnerable code. We have also replaced all of our SSL certificates and keys within our environments to ensure that your meetings remain secure.
We take security very seriously and hope this answers any questions about the impact of CVE-2014-0160 on your Blue Jeans account. Feel free to reach our Customer Support team with follow up questions.
Blue Jeans Network Security Team