On Tue, Nov 23, 2021 at 11:13 AM Selva Nair wrote:
>
>
> On Tue, Nov 23, 2021 at 8:51 AM Ralf Hildebrandt <
> ralf.hildebra...@charite.de> wrote:
>
>> Yeah, it's in German, but anyway:
>>
>> https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html
>>
>> "An attacker can t
On Tue, Nov 23, 2021 at 8:51 AM Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:
> Yeah, it's in German, but anyway:
>
> https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html
>
> "An attacker can take leverage on this architecture and send the
> config command fro
> ... so it seems our code already does this: generate a random password,
> and protect the management interface with it.
YAY!
> ceterum censeo: if you build a product that incorporates OpenVPN,
> do not run it with SYSTEM privileges and without a password, but have
> a look at how other peopl
Hi,
On Tue, Nov 23, 2021 at 02:49:10PM +0100, Ralf Hildebrandt wrote:
> Yeah, it's in German, but anyway:
> https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html
>
> "An attacker can take leverage on this architecture and send the
> config command from any application
Yeah, it's in German, but anyway:
https://www.heise.de/news/FBI-warnt-vor-Einbruechen-via-VPN-Software-6274101.html
"An attacker can take leverage on this architecture and send the
config command from any application running on the local host machine
to force the back-end server into initializing