New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPN-busting bug
Just sharing this article.
https://www.theregister.co.uk/2019/12/06/vpnbusting_bug_spotted/
A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted traffic hijacked, it is claimed.
Thanked by 1Decicus
Comments
Good read! Mitigated by enabling strict reverse path filtering. Another article from OpenVPN stating not an issue with software, rather OS: https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/ and here's another with a good breakdown and how to mitigate on linux machines: https://protonvpn.com/blog/statement-on-cve-2019-14899/