| 352 | === Security related information === |
| 353 | There are 2 registry keys, that are dangerous and can allow the user to open an administrative prompt on the machine. They are |
| 354 | |
| 355 | {{{ |
| 356 | HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\editor |
| 357 | and |
| 358 | HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\log_viewer |
| 359 | }}} |
| 360 | |
| 361 | When using my method and click on ** View Log ** or ** Edit config **, by default notepad.exe will open (and of course) with highest privileges. To fix this, you should change the registry to an executable (you created), that shows an error message. I did this with a small AutoIT-Script, that does exactly that. I called it |
| 362 | |
| 363 | {{{ |
| 364 | notallowed.exe |
| 365 | }}} |
| 366 | The source is added to this Wiki page as |
| 367 | |
| 368 | {{{ |
| 369 | notallowed.au3 |
| 370 | }}} |
| 371 | |
| 372 | ** Without this change your installation is vulnerable and normal users can get an elevated command prompt, so absolutely change this registry keys!!!! ** |
| 373 | |