Eddie security issue - please provide some info

[George123 5]

There has been a security issue found with Eddie, reported on their Github:

https://github.com/AirVPN/Eddie/issues/150

Please can we be assured this is being addressed?

 

[Tech Jedi Alex 1522]

The security policy is found at the bottom of the Specs page. Therein is defined what is accepted as a vulnerability and what isn't, as well as contact info with the appropriate PGP key.
Neither Support nor GitHub/GitLab are valid ways to report this.

[George123 5]

Hi, 

This may be the case. Regardless, the question stands: are the Eddie developers looking into this? Development of Eddie seems really lacking at present, there are several open issues on Github, particularly on Mac, that have not been fixed in spite of being reported over a year ago. The issues have not even been replied to. 

This really isn't filling me with confidence. Please can a member of staff assure us customers that this issue is being looked in to? And when can we expect a fix for the macOS permissions issue? 

Thank you. 
 

[Staff 10423]

Hello!

As noted the claimed vulnerability and PoC was/were not filed through the proper channels.

According to the report we could finally access, the vulnerability affects macOS (not Windows or Linux), only in case the user checks "Preferences->UI->CLI" in order to have "eddie-cli <options>" available in a command line interface. macOS is the only system for which the stand alone Eddie CLI version is not offered. While the report is being investigated please do not enable that option and run Hummingbird if you need a CLI based program to connect. We will update this thread and of course, should the problem be confirmed, the devs will release a new version.

Kind regards