Openvpn has been audited and security issues have been Identified

[Keksjdjdke 35]

Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF).

Here is a link to the audit information.

 

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

[Staff 9972]

Hello!

 

AirVPN is the 4th OSTIF top donor:

https://ostif.org/top-ostif-donors/

 

We contributed specifically for the OpenVPN audit.

 

We're glad to see that the audit completed quickly and that no serious security vulnerabilities have been found client-side. Even server-side, the only two security issues are not particularly worrying. A denial of service can be triggered by a client sending at least 196 GB in a certain way, while another denial of service can be caused by having the tls-auth key.

 

Let's remember anyway that the bug bounty remains open.

 

Our upgrade schedules sever-side remain unchanged, as well as Air client software release cycle. Each new release of our software is packaged with the latest OpenVPN version and keep in mind that you can configure the software to use any OpenVPN version you prefer.

 

Kind regards

[trekkie.forever 6]

Since I am unsure what you're server side upgrade schedule is, can you please advise by approximately when the servers will be updated to 2.4.2?

 

Thanks.