Batu69 Posted May 24, 2017

And it's a nasty one if the user you crack has admin rights

French security outfit Sysdream has gone public with a vulnerability in the admin interface for OpenVPN's server. The finding is a bit awkward because it comes after OpenVPN's client got a clean bill of health in two independent security audits earlier this month.

The attack, designated CVE-2017-5868, was published by Sysdream's Julien Boulet 90 days after the company says OpenVPN first acknowledged the issue. While waiting for a fix, this OSS-SEC post suggests users put a reverse proxy between the server and the Internet, and restrict access to the Web interface.

The server's mistake is that it doesn't escape the carriage return/line feed (CR/LF) character combination.

“Exploiting these vulnerabilities, we were able to steal a session from a victim and then access the application (OpenVPN-AS) with his rights,” the post says, adding that there are serious consequences if the victim is an administrator account.

By opening the OpenVPN-AS application, the victim receives a valid session cookie pre-authentication. That session cookie can be set by the attacker using a malicious URL; and when the victim completes login, their profile and rights will be associated with the attacker's cookie.

In fairness, The Register notes that for such popular software with a big attack surface, OpenVPN has a fairly low turnover of security vulnerabilities.
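
Added example, not part of the original post and not OpenVPN-AS code: a minimal Python sketch of the two server-side checks that close the flaw described above, rejecting CR/LF in any value written into a response header and issuing a fresh session ID at login so a pre-authentication cookie never inherits the user's rights. All names (`safe_header_value`, `build_redirect`, `SessionStore`) are hypothetical.

```python
import secrets


class HeaderInjectionError(ValueError):
    """Raised when a value could terminate a header line early."""


def safe_header_value(value):
    # CR, LF and NUL have no place in a header value; refuse rather than strip,
    # so the request is rejected and can be logged.
    if any(ch in value for ch in ("\r", "\n", "\0")):
        raise HeaderInjectionError("control character in header value")
    return value


def build_redirect(target):
    # 'target' stands for any request-derived string echoed into a header.
    return [("Location", safe_header_value(target))]


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def start_anonymous(self, presented_id=None):
        # Honour only IDs this server issued; never adopt a client-chosen one.
        if presented_id in self._sessions:
            return presented_id
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, old_sid, user):
        # Rotate on privilege change: the pre-auth ID is destroyed, so anyone
        # who knew or planted it holds a dead cookie after the victim logs in.
        self._sessions.pop(old_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None
```
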