[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: Possible Man-in-middle attack by trusted user (?)


  • Subject: Re: [Openvpn-users] Re: Possible Man-in-middle attack by trusted user (?)
  • From: Manon Goo <manon@xxxxxxxx>
  • Date: Thu, 25 Nov 2004 04:35:27 +0100

Perhaps openvpn could honour the subjectAltname of the server cert
and verify if the IP or DNS setting is correct



--On Mittwoch, 24. November 2004 18:57:12 MEZ -0600 Charles Duffy <cduffy@xxxxxxxxxxx> wrote:

Mathias,

Sounds plausible to me too; thanks for the heads-up.

Looks like this would not only allow traffic to be sniffed (or modified),
but would also let the attacker learn the attackee's username and password
if auth-user-pass is in use... ouch!



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users



Attachment: pgpmRgPjtafb9.pgp
Description: PGP signature