Security Notice on CCS / CVE-2014-0224

June 06, 2014

On June 5 another vulnerability in OpenSSL, ChangeCipherSpec (CCS) Injection Vulnerability, was announced. Released as CVE-2014-0224, the advisory warns that nearly all versions of OpenSSL are vulnerable to man-in-the-middle (MITM) attacks.

After learning about the CVE-2014-0224 vulnerability, the Wealthfront team immediately deployed an updated OpenSSL library on all customer-facing servers.

Further Resources for ChangeCipherSpec Help

We recommend auditing all OpenSSL systems and upgrading all systems using OpenSSL library versions. Here are some resources we found useful in our response to this disclosure:

As always, if you have any questions about the security of your Wealthfront account, contact us at support@wealthfront.com. We will continue to monitor this issue as the community and vendors investigate this vulnerability further.