#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

OpenVPN | Breaking Cybersecurity News | The Hacker News

Category — OpenVPN
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Aug 09, 2024 Vulnerability / Network Security
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information," Vladimir Tokarev of the Microsoft Threat Intelligence Community said . That said, the exploit, presented by Black Hat USA 2024, requires user authentication and an advanced understanding of OpenVPN's inner workings. The flaws affect all versions of OpenVPN prior to version 2.6.10 and 2.5.10. The list of vulnerabilities is as follows - CVE-2024-27459 - A stack overflow vulnerability leading to a Denial-of-service (DoS) and LPE in Windows CVE-2024-24974 - Unauthorized access to the "\\openvpn\\service" named pipe in Windows, allowing an attacker to remotely inte
Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits

Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits

Jun 22, 2017
A security researcher has found four vulnerabilities, including a critical remote code execution bug, in OpenVPN, those were not even caught in the two big security audits of the open source VPN software this year. OpenVPN is one of the most popular and widely used open source VPN software solutions mostly used for various connectivity needs, but it is especially popular for anonymous and private access to the Internet. This year, two independent security audits of OpenVPN were carried out to look for flaws, backdoors, and other defects in the open source software – one conducted by a team led by Johns Hopkins University crypto-boffin Dr. Matthew D. Green. The audits resulted in a patch of a few vulnerabilities in the widely used open source software, giving OpenVPN a clean chit. Researcher Used Fuzzer to find Bugs in OpenVPN Researcher Guido Vranken of Netherlands exclusively used a fuzzer and recently discovered four security holes in OpenVPN that escaped both the secur
How to Get Going with CTEM When You Don't Know Where to Start

Want To Excel in Cybersecurity Risk Management?

Georgetown UniversityWebinar / Risk Management
Manage cybersecurity risk with a Georgetown master's degree. Learn more in our Oct. 23 webinar.
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources