OpenSSL has announced a Security Advisory today related to a severe vulnerability in OpenSSL library (CVE-2015-1793).

According to a report published by, the issue was first reported by Adam Langley and David Benjamin of Google/BoringSSL, on June 24, 2015. The vulnerability only affects few OpenSSL versions including 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o. The vulnerability can be used to compromise any application that verifies certificates including SSL and TLS.

In simple words, this vulnerability can allow an attacker to mask himself as an authentic server, and in turn fool a user into submitting his/her sensitive information.

We at PureVPN want to reassure our users that our services are completely safe and protected against the CVE-2015-1793 OpenSSL vulnerability. As aforementioned, the vulnerability only exists in recent versions of OpenSSL.

As a standard practice, we only employ the most stable and production tested upgrade versions of software and servers, which includes OpenSSL. Another important point to be noted is that not every standard OS release is vulnerable to this threat.

According to the ‘Security Advisory’ published by OpenSSL, users who run a custom system or have a recent version of OpenSSL installed are most vulnerable to this bug. In such a scenario, OpenSSL 1.0.2b/1.0.2c users are urged to upgrade to 1.0.2d, whereas those with OpenSSL 1.0.1n/1.0.1o should upgrade to 1.0.1p.

After the ‘Heartbleed’ fiasco, OpenSSL has made it a point of pre-announcing high-severity security bug fixes. Coincidentally, media isn’t doing any service by hyping these upcoming releases as the ‘Next Heartbleed’. Tim Erlin, Director of Product Management at Tripwire said:

“There’s an interesting cycle with OpenSSL vulnerabilities after Heartbleed. OpenSSL pre-announces a high severity vulnerability, which causes the information security community to start making noise about the ‘next Heartbleed,”

So far, this has not been the case. And, with PureVPN, users don’t have to worry about the threat of the ‘Next Heartbleed’. Your favorite VPN is secure and our first priority is to offer the best solution for complete internet freedom to our users.

* For more information about the bug check out this followup article by The State of Security.

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 750+ servers in 141 countries, PureVPN helps consumers and businesses in keeping their online identity secured.

Have Your Say!!

Join 1 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.