Watchtower

woowooz

Other than Heartbleed, what causes a site to show the red vulnerability alert? I have many sites that are shown as needing password change that are not vulnerable to Heartbleed and appear to have strong passwords.

Megan

Hi @woowooz,

Currently, the Watchtower service mainly flags Heartbleed affected sites. Although eBay has been added as well, due to their recent breach. Please note that in some cases you will see a vulnerability message for a site multiple times with respect to Heartbleed.

This is because there are multiple steps required to fully fix the Heartbleed vulnerability. Once the initial vulnerability has been addressed, sites still need to update their certificates, and revoke the old certificates. If you change your password, as suggested, after the vulnerability has been addressed, you will be prompted again when the site's certificates are updated.

I hope this helps, but we're here if you have any further questions!