Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread נתי שטרן
How to write a patch to fix it? On Sun, 17 Nov 2024 at 6:24, tincantech <tincant...@protonmail.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi nsh...@gmail.com > > It is common procedure to keep security concerns to the security@ mailing > list. > > To have yo

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread tincantech via Openvpn-devel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi nsh...@gmail.com It is common procedure to keep security concerns to the security@ mailing list. To have your concerns expertly reviewed, it is advisable to follow standard security and disclosure procedures. While this thread is, no doubt, amu

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread נתי שטרן
Hi, I sent full logs: On Sun, 17 Nov 2024 at 3:03, Johan Draaisma <jo...@openvpn.com> wrote: > Hello Natanel/Netanel, > > We still don't see the issue, exponential backoff is how this type of > situation is handled in other common protocols too, it is not a security > vulnerabi

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-16 Thread נתי שטרן
Hi, I send logs: Greetings, Netanel On Sun, 17 Nov 2024 at 1:50, Arne Schwabe <a...@rfc2549.org> wrote: > > On 16.11.2024 at 20:22, נתי שטרן wrote: > > > > Dear OpenVPN Security Team, > > > > This report describes a potential vulnerability impacting OpenVPN, > > version 2.6, exhi

Re: [Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-16 Thread Arne Schwabe
On 16.11.2024 at 20:22, נתי שטרן wrote: Dear OpenVPN Security Team, This report describes a potential vulnerability impacting OpenVPN, version 2.6, exhibiting behavior indicative of denial-of-service (DoS) conditions. The observed behavior strongly suggests a susceptibility to attacks that

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread Arne Schwabe
On 16.11.2024 at 17:22, נתי שטרן wrote: Hi, it's same on 2.6 version: Subject: Possible DoS Vulnerability - OpenVPN Server Showing Repeated TLS Handshake Failures Dear OpenVPN Security Team, I am writing to report a potential vulnerability to Denial-of-Service (DoS) attacks that I have ob

[Openvpn-devel] Subject: Potential OpenVPN Vulnerability Report: Repeated TLS Handshake Failures Leading to Denial-of-Service Conditions

2024-11-16 Thread נתי שטרן
Dear OpenVPN Security Team, This report describes a potential vulnerability impacting OpenVPN, version 2.6, exhibiting behavior indicative of denial-of-service (DoS) conditions. The observed behavior strongly suggests a susceptibility to attacks that exhaust server resources through repeated faile

Re: [Openvpn-devel] Subject: OpenVPN Client Vulnerability - TLS Key Negotiation Timeout Leading to DoS (Black Box Pentest)

2024-11-16 Thread נתי שטרן
Hi, it's same on 2.6 version: Subject: Possible DoS Vulnerability - OpenVPN Server Showing Repeated TLS Handshake Failures Dear OpenVPN Security Team, I am writing to report a potential vulnerability to Denial-of-Service (DoS) attacks that I have observed in an OpenVPN server's logs. The server