URGENT: Upgrade your Ahsay Meter License Key

We have notified our partners regarding the POODLE vulnerability and the necessity to upgrade the meter license key to Version 6.21.2.0 or above by March 4th 2015.  Details of the POODLE vulnerability can be found here: http://www.ahsay.com/jsp/en/home/index.jsp?pageContentKey=ahsay_about-us_latest-news_postponed-upgrade-of-ahsay-license-server-for-poodle-vulnerability

In our recent system check, we noticed some of the meter partners have yet to complete their upgrade to the latest version.  This post is to notify partners affected to take immediate action to upgrade.  Based on our meter model, meter partners are eligible for upgrade when they settle their monthly meter payment.  Please note that without the upgrade, meter license key will NOT be functional.

Please contact our support team at support-kb@ahsay.com if you have any question.

Ahsay Server Maintenance – Disabling SSLv3 to prevent POODLE Vulnerability

Hi partners, please note that the following servers will be offline on Wednesday March 4th 2015 between 09:30 AM – 11:30 AM Hong Kong time. In order to enhance the security of our servers to protect partners from the POODLE vulnerability, all communications using SSLv3 protocol will be disabled.

1. Ahsay License Server
2. Ahsay Customization Portal
3. Ahsay Shopping Center
4. Ahsay Singe Sign On Server

Ahsay Backup Software and POODLE Vulnerability

To address the recently-discovered SSLv3 security vulnerability (the “POODLE” vulnerability), we will not support SSLv3 connection between your OBS, RPS, RDR, UBS to the Ahsay License Server starting 12 January 2015. We will support connection over TLS instead.

Impact on our Partners

Our software release (V.6.21.2.0) will support connections between all our components (OBS-OBM, OBS-RPS, OBS-ALS, etc.) over TLS to stop this security leakage. It is important for you to upgrade your Ahsay™ Backup Software to this version ASAP to avoid exposing your customers’ data to such risk. We will be running in parallel SSLv3 & TLS until early January 2015 so you can plan ahead on your upgrade when we close out on this breach in a timely manner.

Since the connection between OBS and ACB/OBM is also using SSLv3 for Versions earlier than 6.21.2.0, you should upgrade your client-side software (OBM/ACB) to Version 6.21.2.0 as well to stop this vulnerability on your customer side and protect their data.

After early January 2015

Partners who run on a model that needs regular connection to the Ahsay™ License Server must upgrade their software to Version 6.21.2.0 or later. Without connection to the Ahsay™ License Server, your software will not be functional. Such partners include:

– Partners running on Meter Model
– Partners running on Lease Model
– Partners using Pooled License/License Management Portal
– Partners requesting to add license to a license key
– Partners requesting to Relax License

On Relaxing License

While perpetual license keys are not affected, relax key request cannot be entertained unless OBS/RPS is Version 6.21.2.0 or above. We understand this will impose additional works for our partners but we cannot keep our License Server vulnerable to attacks which may cause more problems. Partners are therefore recommended to make a plan to upgrade their software to Version 6.21.2.0 as soon as possible.

For detailed instructions on how to upgrade your AhsayOBS/AhsayRDR/AhsayRPS servers to v6.21.2.0 or above please refer to the following KB article https://forum.ahsay.com/viewtopic.php?f=22&t=10686. Or you can contact us if you have any further question.