[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Security issue with OpenVPN 2.0-rc11 (but not previous releases)

  • Subject: [Openvpn-users] Security issue with OpenVPN 2.0-rc11 (but not previous releases)
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sat, 5 Feb 2005 13:36:40 -0700 (MST)
This release has a security issue when --auth-user-pass-verify is used on
the server side.  I mistakenly left some debugging code defined which will
cause the --auth-user-pass username and password submitted by the client
to be written to the server log file or syslog.

This issue is not present in any releases prior to 2.0-rc11 and will 
be fixed in 2.0-rc12.

James

On Thu, 3 Feb 2005, James Yonan wrote:

> 
> Download:
> 
> http://openvpn.net/beta/
> 
> Change Log:
> 
> 2005.02.03 -- Version 2.0-rc11
> 
> * Windows installer will now install easy-rsa directory
>   in \Program Files\OpenVPN
> * Allow syslog facility to be controlled at compile time,
>   e.g. -DLOG_OPENVPN=LOG_LOCAL6 (P Kern).
> * Changed certain shell scripts in distribution to use
>   #!/bin/sh rather than #!/bin/bash for better portability.
> * If --ifconfig-pool-persist seconds parameter is 0, treat
>   persist file as an allocation of fixed IP addresses
>   (previous versions took IP-to-common-name associations
>   from this list as hints, not mandatory static allocations).
> * Fixed bug on *nix where if --auth-user-pass and --log
>   were used together, the username prompt would be sent to
>   the log file rather than /dev/tty.
> * Spurious text in openvpn.8 detected by doclifter
>   (Eric S. Raymond).
> * Call closelog later on daemon kill so that process
>   exit message is written to syslog.
> 
> James
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-02/msg00099.html on line 227

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-02/msg00099.html on line 227