To all NoMachine users,
an information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. An attacker could use this flaw to obtain up to 64k of memory contents from the client or server, which could potentially lead to the disclosure of private keys and other sensitive information (CVE-2014-0160).
While there is no evidence that the NoMachine Web site was subjected to the attack, the Web server and the other security software has been updated and new keys have been generated. Since the exploit could be used to obtain the passwords of users accessing the customer areas and the forums, all users a strongly invited to reset their password and
generate a new one.
To change the password of the account used in the customer area, log-in to your Customer Area and insert the new password in the Change password form. Click on Modify to complete the operation.
To change the password of the account used in the forums, log-in to the forums and click on My profile to access your Profile Area. Then click on Edit and insert the new password in the Account section. Click on Update profile to complete the operation.