BugTraq
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw May 03 2006 05:12PM c0redump ackers org uk (2 replies)
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw May 04 2006 07:31PM Joachim Schipper (j schipper math uu nl) (2 replies)
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw May 05 2006 04:07AM Kurt Seifried (bt seifried org)
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw May 03 2006 08:14PM David F. Skoll (devnull roaringpenguin com)
>documentation wouldn't know about it, and you have to explicitly enable
>it. It does not seem too much of a problem to me.
>Joachim
Hi.
Of course it is, but it's hidden away nicely, and who reads documentation
anyway eh? ;o) ..certainly not a system administrator in a hurry to set up
a VPN while being bitched at by his boss. I thought I'd bring it to the
attention of everyone on this list who may be running it, and didn't realise
the implications. If you want to bitch about something, bitch about these
XSS attacks appearing on bugtraq relating to guestbook v1, etc. that about
two people in the world use that doesn't include big organisations. As
opposed to OpenVPN - which is used by many, including some big organisations
I'm guessing. Additionally, they could have put warnings in the actual
code, checks, even disable binding to a specific NIC. However, as someone
mentioned, they don't enable the interface by default - so we'll give them a
blue peter badge for that.
Have a lovely day.
-- c0redump
#hacktech @ undernet
ps. thank you to the PGP girlies who gave me a free beer at infosec 2006 -
much love ;o)