Apache Log4j2 vulnerability (CVE-2021-44228)

Password Boss' services and applications are not affected by the Apache Log4j2 vulnerability (CVE-2021-44228)

On 12/10/21, a high severity security vulnerability in the Java-based log4j logging framework (CVE-2021-44228) was reported and began to be actively exploited on systems across the internet. This exploit is also known as "log4shell" or "shellshock" and provides a vector for remote code execution.

Since the vulnerability was made public, we have been actively reviewing and doing a deep dive into all our codebases, dependencies infrastructure, and 3rd party vendors to see whether any part was affected. We are happy to report that nothing was found.

None of our web services are written or make use of any Java code or libraries. The only Java code in our stack is our Android mobile application, which was checked thoroughly, including all dependencies, and there is no usage of Log4j at all.

Security is a top priority at Password Boss so we will continue to review & assess vulnerabilities as they become known to maintain and ensure security in your environments.