Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Help about MediaWiki
FUTO
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software
(section)
Main Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== OpenVPN exploits: === A '''CVE''' is a common vulnerability & exploit - aka, a way to hack into something. These are a small number that have occurred over the years. Finding CVEs isn’t a bad thing, every piece of software ever created is going to have security vulnerabilities. It is only bad if you are running hardware that you cannot update once a fix has been released. <span id="cve-2024-27459-cve-2024-24974-cve-2024-27903-cve-2024-1305"></span> ==== 1. CVE-2024-27459, CVE-2024-24974, CVE-2024-27903, CVE-2024-1305 ==== * '''Discovered''': March 2024 * '''Description''': Multiple vulnerabilities were found, mainly affecting OpenVPN’s client-side on Windows, Android, iOS, macOS, and BSD. These included stack overflow, unauthorized access, & plugin flaws leading to potential remote code execution (RCE) and local privilege escalation (LPE). Users were advised to update to OpenVPN versions 2.6.10 or 2.5.10 to mitigate the risks. ''You can only update OpenVPN versions if your router lets you.'' <blockquote>'''Terminology note:''' “client-side” means the part of the software that runs on your device (like a computer or smartphone), as opposed to “server-side”, which would be the part running on a remote server (Apple/Google’s server). “Remote Code Execution (RCE)” is a vulnerability that lets a hacker run code they want to run on your device. “Local Privilege Escalation (LPE)” means a vulnerability that lets a hacker get higher permissions (i.e. becoming an admin rather than being a regular user) allowing them to do things they shouldn’t or gain full control over your system. </blockquote> * '''Sources''': ** [https://cybersecuritynews.com/openvpn-vulnerabilities-rce-attack/ Cybersecurity News] ** [https://openvpn.net/security-advisories/ OpenVPN Security Advisory] ** [https://campustechnology.com/Articles/2024/08/16/Report-Increasing-Number-of-Vulnerabilities-in-OpenVPN.aspx Campus Technology] <span id="code-signing-key-intrusion-openvpn-2.5.8"></span> ==== 2. '''Code Signing Key Intrusion (OpenVPN 2.5.8)''' ==== * '''Discovered''': December 2022 * '''Description''': An intrusion was detected involving OpenVPN version 2.5.8. There’s no evidence suggesting the key was misused & OpenVPN proactively re-released the software signed with a new key for security. This is why updates matter. * '''Sources''': [https://openvpn.net/security-advisories/ OpenVPN Security Advisory] <span id="cve-2022-0547"></span> ==== 3. '''CVE-2022-0547''' ==== * '''Discovered''': February 2022 * '''Description''': Enabled authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, '''''which allows an external user to be granted access with only partially correct credentials.''''' aka, I can have a sawed off copy of your house key & still get in. * '''Sources''': [https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 OpenVPN Community] <span id="cve-2020-15077-cve-2020-36382"></span> ==== 4. '''CVE-2020-15077, CVE-2020-36382''' ==== * '''Discovered''': 2020 * '''Description''': These vulnerabilities affected OpenVPN Access Server, with risks of information leakage and potential denial-of-service (DoS). Patches were released fast to address these security issues, which requires you have a router that allows you to continue updating it after the manufacturer has given you the middle finger & told you to buy a new one. * '''Sources''': [https://openvpn.net/security-advisory/access-server-security-update-cve-2020-15077-cve-2020-36382/ OpenVPN Security Advisory] <span id="cve-2018-9334"></span> ==== 5. '''CVE-2018-9334''' ==== * '''Discovered''': 2018 * '''Description''': A denial-of-service vulnerability in OpenVPN’s handling of authentication processes, potentially allowing attackers to disrupt services was patched. * '''Sources''': [https://openvpn.net/security-advisories/ OpenVPN CVE List] <span id="cve-2017-7521"></span> ==== 6. CVE-2017-7521 ==== * '''Discovered''': 2017 * '''Description''': A memory exhaustion flaw was found where an attacker could exploit OpenVPN’s message handling to cause service disruption. * '''Sources''': [https://openvpn.net/security-advisories/ OpenVPN CVE List] <span id="guaranteed-long-term-compatibility-updates"></span>
Summary:
Please note that all contributions to FUTO may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
FUTO:Copyrights
for details).
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)