Yealink Forums

Has Yealink made a statement regarding the OpenSSL/Heartbleed TLS issue? We use OpenVPN on our T26 & T28 phones and I know the version on our PC's needed updating.

If folks haven't heard about it, check out http://heartbleed.com. This was a very serious vulnerability in OpenSSL that was broken for almost 2 years.

Is there a firmware upgrade necessary or in the works?

Thanks

I think you should upgrade the version of OpenSSL but not Yealink phones.

Is that all?

Guys, are you even taking this seriously enough? Can you elaborate a little?

At least, (imho) you should make an statement regarding what version of OpenSSL, OpenVPN, and whatever https server are you using in the diverse firmwares of your phones, so we can know for sure if can we be affecetd or not.

Given the case, the phones may leak the admin password of the phone, and/or the SIP credentials, anyone of the two serious enough, if you ask me.

In the other hand, i have been checking some terminals with the latest firmware, and the https part seems to be fine, at least.

Regards!

Hi jcvh,

Thanks to your opinions. I have submitted your request to our product department.