Changes between Version 3 and Version 4 of SecurityAnnouncement-f375aa67cc
- Timestamp:
- 04/10/13 12:48:29 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityAnnouncement-f375aa67cc
v3 v4 7 7 OpenVPN servers are typically configured to silently drop packets with the wrong HMAC. For this reason measuring the processing time of the packets is not trivial without a MITM position. In practice, the attack likely needs some target-specific information to be effective. 8 8 9 The severity of this vulnerability can be considered low. Only if OpenVPN is configured to use a null-cipher, arbitrary plaintext can be injected, and there are serious consequences from this attack. 9 The severity of this vulnerability can be considered low. Only if OpenVPN is configured to use a null-cipher, arbitrary 10 plain-text can be injected which can completely open up this attack vector. 10 11 11 12 = Affected versions =
