Changes between Version 18 and Version 19 of CVE-2018-7544


Timestamp: 03/22/18 08:08:54 (6 years ago)
Author: Samuli Seppänen
Comment: Reword a sentence to hopefully make it more clear

  • CVE-2018-7544

    v18 v19  
    6565Not complying to these three simple points is considered a "you know what you are doing at your own risk" configuration.
    6666
    67 It could also be argued that the management interface is enabled in configuration files provided by a VPN service provider or similar.  Again, this is improper usage of OpenVPN if there are no management service process activating the core OpenVPN process.  Any OpenVPN end-user need to get the configuration file from a well known and trusted source, if it has not already been installed by a system or network admin.  OpenVPN itself cannot account for or try to protect users against using a configuration file from non-trusted source.  Users using configurations from untrusted sources run a much higher risk on many other levels than  the possibility to abuse the management interface.
    68 
     67It could also be argued that the management interface is enabled in configuration files provided by a VPN service provider or similar.  Again, this is improper usage of OpenVPN if there are no management service process activating the core OpenVPN process.  OpenVPN end-users should get the configuration file from a well-known and trusted source, if it has not already been installed by a system or network admin.  OpenVPN itself cannot account for or try to protect users against using a configuration file from non-trusted source.  Users who use OpenVPN configuration files downloaded from untrusted sources are taking much bigger risks than the possibility that their management interface gets abused.
    6968
    7069=== Conclusion ===
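Review bot: The reworded line 67 still carries two grammar slips from v18 that this rewording pass could fix in the same edit: "if there are no management service process" should read "if there is no management service process", and "from non-trusted source" is missing its article ("from a non-trusted source"). Separately, changing "need to get the configuration file" to "should get the configuration file" softens the requirement; if obtaining the configuration from a trusted source is meant as a precondition for a supported setup, "must" would state that more clearly.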