Changes between Version 4 and Version 5 of SecurityAnnouncement-97597e732b
- Timestamp:
- 12/01/14 18:53:38 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityAnnouncement-97597e732b
v4 v5 13 13 == Mitigating factors == 14 14 15 Only ''tls-authenticated'' clients can trigger the vulnerability in the OpenVPN server. Thus both client certificates and TLS auth will protect against this exploit as long as all OpenVPN clients can be trusted to not be compromised and/or malicious. Note that username/password authentication does *not*protect against this exploit.15 Only ''tls-authenticated'' clients can trigger the vulnerability in the OpenVPN server. Thus both client certificates and TLS auth will protect against this exploit as long as all OpenVPN clients can be trusted to not be compromised and/or malicious. Note that username/password authentication does ''not'' protect against this exploit. 16 16 17 17 In particular VPN service providers are affected, because anyone can get their hands on the necessary client certificates and TLS auth keys.