Search the Community
Showing results for tags 'vulnerability'.
Found 6 results
-
This is more out of curiosity than concern, but is the aes-256-cbc implementation that is used with AirVPN vulnerable to padding oracle attacks? Some context: https://en.wikipedia.org/wiki/Padding_oracle_attack https://crypto.stackexchange.com/questions/18185/modes-of-operation-that-allow-padding-oracle-attacks Thanks!
-
DUHK (Don't Use Hard-coded Keys) is a vulnerability that affects devices using the FIPS compliant ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. Are AirVPN connections and/or Eddie vulnerable to this or is this only device specific (Fortinet/FortiOS)? https://duhkattack.com/ https://www.bleepingcomputer.com/news/security/duhk-crypto-attack-recovers-encryption-keys-exposes-vpn-connections-more/
-
EDIT: a deeper study of the improperly called "WebRTC leak" has brought up how the initial approach by a wide part of the communities discussing it has been totally wrong, has missed the core reasons and has proposed "solutions" which are questionable. Please see here to get a more balanced and informed view of the so-called "problem". http://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks

WARNING: the following post was written hours after "WebRTC leak" hit the news. It is now to be considered outdated. It is also inappropriate when it uses the word "vulnerability". However, the way to prevent applications from talking outside the tunnel is the same: enable Network Lock or set proper firewall rules. It is absolutely nothing new, just like the whole fabricated "WebRTC leak" affair.

============================================================================

Hello!

Browsers supporting WebRTC running in a Windows environment can seriously compromise the security of VPN tunnels by allowing the true IP address of the user to be read. https://en.wikipedia.org/wiki/WebRTC#Concerns

WebRTC is supported in the following browsers: https://en.wikipedia.org/wiki/WebRTC#Support

According to our tests we can at this moment confirm that Linux and OS X appear to be not affected.

EDIT: OS X users please see here, according to this report OS X is vulnerable as well. https://airvpn.org/topic/13490-vpn-security-flaw-does-this-affect-airvpn/?do=findComment&comment=24757

You can test your system here: http://ipleak.net

Windows users can fix the vulnerability in one of the following ways:
- by enabling "Network Lock" in our free and open source client Eddie
- by configuring a firewall to prevent leaks. In our "How-To" section we have guides for Comodo and Windows Firewall
- by disabling WebRTC on the browser (WARNING: you can't do that in Google Chrome desktop edition, you'll need an extension). This page seems quite accurate https://www.browserleaks.com/webrtc#webrtc-disable EDIT: in the above linked page, the extension recommended for Chrome does not really prevent leaks
- by running a browser which does not support WebRTC

Kind regards
AirVPN Support Team
-
/dev/ttyS0 recently analyzed D-Link's DIR-890L and found a security issue which opens up the possibility of executing any code with privileges of system, i.e. root. The worst thing about it is: The firmware version was designed to patch three different vulnerabilities in connection with HTTP and UPnP... which were, well, not really closed. If you are using a D-Link router or if you are planning on buying one, scroll to the bottom of the post and see if your model is listed there. If so, you should really think about your habits or your choices, respectively. From what I understood, this can only be exploited in a local network. The truth is: If D-Link doesn't seem to care about exploits in local networks - do you really think they care about what's coming from the internet? You should really abandon the D-Link ship.
-
Hi there, I thought I'd direct the AirVPN staff's attention towards this newly discovered bug in certain versions of OpenSSL. Description: http://heartbleed.com/ Reddit Netsec Discussion: http://www.reddit.com/r/netsec/comments/22gaar/heartbleed_attack_allows_for_stealing_server/ Are AirVPN users vulnerable to this exploit, and if so will you be implementing Fixed OpenSSL? Thanks, you guys are always awesome!
-
To everyone using a Fritz!Box: Perform an immediate update of your firmware! It closes a recently discovered vulnerability used to execute code with root privileges when viewing a specially crafted website with any connected device. How to update More info #1 More info #2