James Yonan wrote:

>* Security fix -- Affects non-Windows OpenVPN clients of
>  version 2.0 or higher which connect to a malicious or
>  compromised server.
>

I must say I think saying this is a "security hole" is a bit of a stretch!

Someone would have to connect to a compromised server in order to be affected. Well, that is basically the same as running an executable someone you don't know sent you - it's a "stupidly exploit" - not a software exploit! :-)

Even if it was a MITM attack, you would have had to disable OpenVPN's built-in cert-checking components before this would work, along with "tls-auth"...

I just can't imagine this exploit occurring in the real world... Have I missed something?

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377
Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users