h4ng3r 0 Posted ... I've noticed that in OpenVPN 2.4.* there is a new service "OpenVPNInteractiveService" which apparently provides openvpn gui client (run by an unprivileged user) some controls over the vpn. Is that coming to Eddie? To be able to run eddie and connect to vpn with non-admin account. Quote Share this post Link to post
zhang888 1065 Posted ... The 2.4.x final steps of the audit should be done soon, so it is safer to see what they think about this feature.Personally I still think there is an attack vector here, although they only cover the OpenVPN exectuable here:https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService their focus seems to be on preventing abusive OpenVPN directives from being executed for privilege escalation,such as --up scripts:This cannot be used anymore for privilege escalation to admin (by running an --up script from openvpn which is run-as-admin). But you can still replace the OpenVPN binary with another one and gain escalation to admin if the service does not check it. 1 h4ng3r reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
h4ng3r 0 Posted ... Thank you for such an informative reply. I'll be patient then. Quote Share this post Link to post
h4ng3r 0 Posted ... Hey. Just wanted to check if you have any update on this? Quote Share this post Link to post
Not connected, Your IP: 3.144.189.177
Online: 23525 users - 286591 Mbit/s total BW