On 4/16/2014 12:01 PM, Fredrik Strömberg wrote:
> We have successfully extracted private key material multiple times
> from an OpenVPN server by exploiting the Heartbleed Bug. The material
> we found was sufficient for us to recreate the private key and
> impersonate the server.
Hi,
Can y
Actually, I think for most installations it is worse than your sentence
"we believe it may severely impact those who have not already upgraded"
may sound like.
The problem is that even for installations that were upgraded
immediately after the disclosure of the OpenSSL bug we cannot be sure
tha
Hi,
On Wed, Apr 16, 2014 at 06:01:20PM +0200, Fredrik Strömberg wrote:
> To our knowledge there is currently one published proof of concept
> script that checks an OpenVPN server's vulnerability to Heartbleed.
"one" or "no"?
gert
--
USENET is *not* the non-clickable part of WWW!
Could you post the code to secur...@openvpn.net?
> On Apr 16, 2014, at 11:01 AM, Fredrik Strömberg wrote:
>
> Hi openvpn-users,
>
> We have successfully extracted private key material multiple times
> from an OpenVPN server by exploiting the Heartbleed Bug. The material
> we found was sufficien
Hi openvpn-users,
We have successfully extracted private key material multiple times
from an OpenVPN server by exploiting the Heartbleed Bug. The material
we found was sufficient for us to recreate the private key and
impersonate the server.
As you may know, OpenVPN has an SSL/TLS mode where cert