The internet is abuzz about the recent disclosure of a critical vulnerability in the popular the open-source logging library Log4j. Rightfully so, the worst of the vulnerabilities, CVE-2021-44228, disclosed on Friday, December 10, 2021, is as bad as it gets, allowing an attacker to completely takeover a target system with minimal effort.  The vulnerability has earned a critical rating score of 10 out of 10 on the CVSS severity model.

 

Password RBL Unaffected by Log4j Vulnerability

Password RBL is not impacted by this log4j vulnerability because Password RBL does not utilize this library in any systems.

This should not be surprising, since Password RBL has a zero-logging policy.  Thus, Password RBL has no need for a code library that provides advanced logging services.  But it is important for subscribers to know that Password RBL is unaffected by this recent vulnerability and continues to be a secure and easy way to prevent bad passwords before they happen.

 

Update on Additional Vulnerabilities

Since the original positing of this statement, additional vulnerabilities in the log4j library have been disclosed.  Password RBL remains unaffected by these additional vulnerabilities as well, since Password RBL does not utilize the log4j library at all.

 

Not a customer?

If you are not yet a customer of Password RBL but are interested in better passwords for your organization, then follow this link to learn more and read about why our zero-trust solution for better passwords really is secure.  Our solutions are easy to use and subscription costs are very reasonable.  Subscribe today!