Yeah, it's in german, but anyway: https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html
"An attacker can take leverage on this architecture and send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in the attacker achieving execution with privileges of a SYSTEM user." Are there any plans of protecting the management interface (i.e. on Windows-Client) using a random passwod, only known to the GUI & openvpn process? -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netzwerk Campus Benjamin Franklin (CBF) Haus I | 1. OG | Raum 105 Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 ralf.hildebra...@charite.de https://www.charite.de _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
