Changes between Version 4 and Version 5 of VulnerabilitiesFixedInOpenSSL1.0.1i
- Timestamp:
- 08/07/14 18:55:15 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
VulnerabilitiesFixedInOpenSSL1.0.1i
v4 v5 18 18 [1] This one triggers direct vulnerability in OpenVPN. Stack information is not leaked to the peer. It might be possible that the leaked information is passed on to a client script / plugin (not sure what form the leaked information has, if it's the leaked information is after a NUL-byte, it's probably not exported). Such a plugin/script could then leak the information to the attacker. 19 19 20 [2] If you are using OpenVPN 2.3.3 or OpenVPN 2.3.4 and have enabled newer TLS versions by using option tls-version-min in your configuration, your configuration is vulnerable to the protocol downgrade attack. However, it will still be a sleast as secure as a setup without tls-version-min in its configuration.20 [2] If you are using OpenVPN 2.3.3 or OpenVPN 2.3.4 and have enabled newer TLS versions by using option tls-version-min in your configuration, your configuration is vulnerable to the protocol downgrade attack. However, it will still be at least as secure as a setup without tls-version-min in its configuration.
