The Heartbleed Exploit

Implications for UD

As a result of the Heartbleed security vulnerability, the University of Delaware is requiring that all members of the University community change UDelNet passwords created before April 8, 2014.

On April 7, researchers announced a security vulnerability ("Heartbleed") in Open SSL, affecting security at over 66% of websites around the globe. On April 8, UD installed patches and updated security certificates on UD central servers to fix this vulnerability.

Even though there is no evidence that any UD servers have surrendered confidential information as a result of the Heartbleed vulnerability, because this vulnerability could have allowed access to password information for an extended period of time before April 8, the University encourages you to change your UDelNet, CAS, email, and other central passwords as soon as possible.

All UDelNet passwords created before April 8, 2014, must be changed.

You can select a new password by logging in to the UD Network page. When selecting a new UDelNet password,

  • Select a password that is 12 to 30 characters in length.
  • Select a password or passphrase that includes at least one character from three of these four categories:
    • Upper case letters
    • Lower case letters
    • Numerals
    • Any character not listed above (except for a blank space).
If you use a password other than your UDelNet password to access your UD Gmail account (Google account), you do not need to change that Google password. (e.g. for access from your smartphone, tablet, Outlook, etc.)

For information about best password practices and advice about selecting a new password see

Search IT Help

My UD Search for forms & applications.