On Tue, Nov 23, 2021 at 8:51 AM Ralf Hildebrandt < ralf.hildebra...@charite.de> wrote:
> Yeah, it's in german, but anyway: > > https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html > > "An attacker can take leverage on this architecture and send the > config command from any application running on the local host machine > to force the back-end server into initializing a new open-VPN instance > with arbitrary open-VPN configuration. This could result in the > attacker achieving execution with privileges of a SYSTEM user." > Are there any plans of protecting the management interface (i.e. on > Windows-Client) using a random passwod, only known to the GUI & > openvpn process? > OpenVPN GUI has always used a random password for the management interface. Its cleared from memory on first use and not saved anywhere. I know of no GUI versions where this was not done. Selva
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
