Many of you have contacted us with concerns about the CVE-2014-0160 vulnerability in OpenSSL, better known as the “Heartbleed bug”. It was disclosed on Monday, April 7th. This is a very serious vulnerability that affects a very large number of websites on the internet.
As soon as we were notified of this issue, we took measures to fix any potential problems. By the morning of Tuesday 8th (PT), all of the systems we run that required patching had been fixed. We also took additional measures (e.g. requesting re-issued certificates, updating keys, etc.) to ensure all systems are protected.
You can access the test here: http://filippo.io/Heartbleed/#www.auth0.com
We'd encourage you to do the same if you are running OpenSSL in any of your apps. As a precautionary measure, we'd also recommend updating your client credentials and keys now (e.g. client secrets). As a matter of good security practice, credentials of any type should be rolled over frequently.
Please don't hesitate to contact us if you have any questions!
The Auth0 Team