Jump to content


Photo

Openvpn has been audited and security issues have been Identified

openvpn Eddie security

  • Please log in to reply
2 replies to this topic

#1 Keksjdjdke

Keksjdjdke

    Advanced Member

  • Members
  • PipPipPip
  • 188 posts

Posted 12 May 2017 - 10:07 PM

Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF).

Here is a link to the audit information.

 

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits



#2 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 6982 posts

Posted 13 May 2017 - 09:58 AM

Hello!

 

AirVPN is the 4th OSTIF top donor:

https://ostif.org/top-ostif-donors/

 

We contributed specifically for the OpenVPN audit.

 

We're glad to see that the audit completed quickly and that no serious security vulnerabilities have been found client-side. Even server-side, the only two security issues are not particularly worrying. A denial of service can be triggered by a client sending at least 196 GB in a certain way, while another denial of service can be caused by having the tls-auth key.

 

Let's remember anyway that the bug bounty remains open.

 

Our upgrade schedules sever-side remain unchanged, as well as Air client software release cycle. Each new release of our software is packaged with the latest OpenVPN version and keep in mind that you can configure the software to use any OpenVPN version you prefer.

 

Kind regards



#3 trekkie.forever

trekkie.forever

    Advanced Member

  • Members
  • PipPipPip
  • 35 posts

Posted 17 May 2017 - 10:01 PM

Since I am unsure what you're server side upgrade schedule is, can you please advise by approximately when the servers will be updated to 2.4.2?

 

Thanks.







Similar Topics Collapse


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 13370 - BW: 38940 Mbit/sYour IP: 54.198.2.110Guest Access.