CyberSecurity news

FlagThis - #OpenVPN

@securityonline.info //
Multiple critical vulnerabilities have been discovered across several products, posing significant security risks. A zero-day exploit in industrial routers is being actively used by a new Mirai-based botnet to launch DDoS attacks worldwide, particularly impacting organizations in China, the U.S., Germany, the UK, and Singapore. These attacks, though brief, generate considerable traffic. Additionally, the popular Nuclei vulnerability scanner has been found to have a serious flaw. Tracked as CVE-2024-43405, this high-severity vulnerability allows attackers to bypass template signature checks and inject malicious code, which could give attackers access to sensitive data on systems running the scanner. Versions after 3.0.0 are impacted, and users should update to v3.3.2.

Vulnerabilities have also been found in OpenVPN software. The application logged the configuration profile's private key in clear text, which could allow attackers with access to device logs to extract the private key and use it to decrypt VPN traffic. This vulnerability, identified as CVE-2024-8474, affects versions of OpenVPN Connect prior to 3.5.0. OpenVPN also has a vulnerability (CVE-2024-5594) that allows attackers to inject arbitrary data into third-party applications and plug-ins, potentially resulting in log manipulation or excessive CPU usage on affected systems. Users are advised to update to the latest versions immediately to mitigate the risks of these vulnerabilities.

Classification:
  • HashTags: #ZeroDay #OpenVPN #NucleiScanner
  • Target: Multiple Organizations
  • Product: Multiple Products
  • Feature: Multiple Vulnerabilities
  • Type: Vulnerability
  • Severity: Major
@securityonline.info //
A critical security vulnerability, identified as CVE-2024-8474, has been discovered in the OpenVPN Connect application. The flaw affects versions prior to 3.5.0 and stems from the application writing the user's private key in clear text to the application log. A malicious actor who gains access to a device running a vulnerable version of OpenVPN Connect could extract this private key and use it to decrypt the user's VPN traffic, which makes the VPN protection completely ineffective. OpenVPN Connect is a widely used client application with over 10 million downloads on the Google Play Store, so it is vital for users to be aware of this threat.

To address this, OpenVPN has released version 3.5.1, which fixes the key leakage vulnerability. This latest update also addresses a separate app stability issue, and users are strongly encouraged to update as soon as possible to ensure their protection. As a precautionary step, users who were running a vulnerable version are advised to check application logs for any suspicious activity and to change their VPN usernames and passwords. The OpenVPN Connect app itself requires users to connect to a separate VPN server. Users should remain vigilant for potential security risks and make it a habit to keep software updated.
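One way to carry out the log check recommended above, as an added example that is not code from OpenVPN or the original article: it scans log text for PEM private-key blocks and redacts them without echoing key material. It assumes the key appears in the log as a PEM block, as it does in an inline OpenVPN profile; the sample log is constructed, and the function names are hypothetical.

```python
import re

# PEM markers for private keys (PKCS#8, RSA, EC, DSA, OpenSSH, encrypted PKCS#8).
KINDS = r"(?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY"
PEM_BEGIN = re.compile(r"-----BEGIN (" + KINDS + r")-----")
PEM_END = re.compile(r"-----END " + KINDS + r"-----")

# Constructed sample; the line layout is an assumption, not real OpenVPN Connect output.
SAMPLE_LOG = """\
[Jan 01 10:00:00] EVENT: CONNECTING
[Jan 01 10:00:01] <key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY==
-----END PRIVATE KEY-----
</key>
[Jan 01 10:00:02] EVENT: CONNECTED
"""

def find_private_keys(log_text):
    """Return one dict per key block, with 1-based start/end line numbers."""
    findings, current = [], None
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        begin = PEM_BEGIN.search(line)
        if begin:
            if current is not None:
                findings.append(current)  # earlier block never closed
            current = {"start": lineno, "end": lineno,
                       "label": begin.group(1), "complete": False}
        if current is not None:
            current["end"] = lineno
            if PEM_END.search(line):  # also covers a key logged on one line
                current["complete"] = True
                findings.append(current)
                current = None
    if current is not None:
        findings.append(current)  # truncated block, e.g. log rotated mid-key
    return findings

def redact(log_text, findings):
    """Replace each reported block with a marker; incomplete blocks are cut to their end line."""
    lines = log_text.splitlines()
    for f in sorted(findings, key=lambda f: f["start"], reverse=True):
        count = f["end"] - f["start"] + 1
        lines[f["start"] - 1:f["end"]] = ["[REDACTED %s, %d line(s)]" % (f["label"], count)]
    return "\n".join(lines)

if __name__ == "__main__":
    for f in find_private_keys(SAMPLE_LOG):
        print("key block at lines %(start)d-%(end)d (%(label)s)" % f)
```

Any hit means the key pair should be treated as exposed; the scanner reports line numbers only, so its own output is safe to store.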

References:
  • cR0w: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
  • securityonline.info: CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys
  • nvd.nist.gov: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
Classification:
  • HashTags: #OpenVPN #Vulnerability #PrivacyBreach
  • Company: OpenVPN
  • Target: OpenVPN Users
  • Product: OpenVPN Connect
  • Feature: Private Key Exposure
  • Type: Vulnerability
  • Severity: Major