Question about Attacking SSL VPN (Pulse/openvpn/ect)

[Rp28f3ex 0]

Recently came across this article and seen some things with in it that I thought might apply to AirVPN and the Eddie Client.

Question: Dose the “logon script” feature in Eddie or in the implementation of AirVPN's  ovpn.configs  suffer from this vulnerability?

Question is base on this source.
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/

Bonus: Take over all the VPN clients
Our company, DEVCORE, provides the most professional red team service in Asia. In this bonus part, let’s talk about how to make the red team more RED!

We always know that in a red team operation, the personal computer is more valuable! There are several old-school methods to compromise the VPN clients through SSL VPN before, such as the water-hole attack and replacing the VPN agent.

During our research, we found a new attack vector to take over all the clients. It’s the “logon script” feature. It appears in almost EVERY SSL VPNs, such as OpenVPN, Fortinet, Pulse Secure… and more. It can execute corresponding scripts to mount the network file-system or change the routing table once the VPN connection established.   ?

Due to this “hacker-friendly” feature, once we got the admin privilege, we can leverage this feature to infect all the VPN clients! Here we use the Pulse Secure as an example, and demonstrate how to not only compromise the SSL VPN but also take over all of your connected clients:

* So dose AirVPN have any issues with this and if so what can be done to help?

Over the past several month there has been a lot of XSS and different type of DDOS effecting connectivity and different drops while using AirVPN. Also Logs are full of IPs with offensive packets. Not claiming in this post any connection to the service (AirVPN) 


To the Admins and all making this service possible; Thank You!
 

[OpenSourcerer 1363]

3 hours ago, o1pAdcUU said:

Over the past several month there has been a lot of XSS and different type of DDOS effecting connectivity and different drops while using AirVPN. Also Logs are full of IPs with offensive packets. Not claiming in this post any connection to the service (AirVPN) 

Can you elaborate on these sentences? What logs?

Your linked article refers to SSL VPN implementations in hardware from Pulse Secure, it seems. AirVPN does not offer SSL VPN. You can connect to AirVPN over TLS, but it's a stunnel-based TLS tunnel with OpenVPN encapsuled and by my reckoning differs from SSL VPN's definition.