Weblate: demo.weblate.org is vulnerable to SWEET32 Vulnerability

Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is encrypted...

OpenVPN for Android - Exported ContentProvider, GPL license vulnerabilities

HackApp vulnerability scanner discovered that application OpenVPN for Android published at the 'play' market has multiple vulnerabilities...

Simple OpenVPN Raspberry Pi Installer: piVPN

Simple OpenVPN Raspberry Pi Installer This is a set of shell scripts that serve to easily turn your Raspberry Pi TM into a VPN server using the free, open-source OpenVPN software. The master branch of this script installs and configures OpenVPN on Raspbian Jessie and has been tested on Ubuntu 14....

autovpn - Easily connect to a VPN in a country of your choice

autovpn is a tool to automatically connect you to a random VPN in a country of your choice. It uses openvpn to connect you to a server obtained from VPN Gate. Compiling First clone the repo and cd into the directory: $ git clone https://github.com/adtac/autovpn $ cd autovpn Then run this to...

IVPN 2.6.6120.33863 Privilege Escalation

Exploit IVPN Client for Windows 2.6.6120.33863 Privilege Escalation Date: 06.02.2017 Software Link: https://www.ivpn.net/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description It is possible to run openvpn as...

IVPN Client 2.6.1 - Local Privilege Escalation

IVPN Client 2.6.1 - Local Privilege Escalation Exploit IVPN Client for Windows 2.6.6120.33863 Privilege Escalation Date: 06.02.2017 Software Link: https://www.ivpn.net/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Design/Logic Flaw

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVE-2016-6329

Removed by vendor...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

CVE-2016-6329

OpenVPN is affected when using 64-bit block ciphers in CBC (e.g., Blowfish). A Sweet32 birthday-attack bound can allow remote attackers to recover partial plaintext on long-lived sessions (e.g., HTTP-over-VPN). The connected advisories recommend upgrading OpenVPN to a newer release to mitigate th...

Viscosity 1.6.7 - Local Privilege Escalation

Viscosity 1.6.7 - Local Privilege Escalation Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation Date: 31.01.2017 Software Link: https://www.sparklabs.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Viscosity 1.6.7 Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation Date: 31.01.2017 Software Link: https://www.sparklabs.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category:...

UBUNTU-CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Viscosity 1.6.7 - Local Privilege Escalation

Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation Date: 31.01.2017 Software Link: https://www.sparklabs.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description It is possible to execute openvpn...

Viscosity OpenVPN 2.3 Privilege Escalation Vulnerability

Viscosity Open VPN version 2.3 suffers from an unquoted service path local privilege escalation vulnerability. Title : Viscosity Open VPN 2.3 Privilege Escalation Author : Ajay Gowtham aka AJOXR Tested on : Windows 10 Latest version x64 bit Software :...

Viscosity Open VPN 2.3 Privilege Escalation

Title : Viscosity Open VPN 2.3 Privilege Escalation Date : 28/11/2016 Author : Ajay Gowtham aka AJOXR Tested on : Windows 10 Latest version x64 bit Software : https://www.sparklabs.com/downloads/Viscosity%20Installer.exe Vulnerability Description: When the Viscosity VPN software is installed a...

OpenVPN to Undergo Cryptographic Audit

The next version of the open-source OpenVPN software will be audited by an well-known cryptographer. It was announced Wednesday that Matthew D. Green, PhD, a cryptographer, computer science professor, and researcher at Johns Hopkins University will carry out an audit of the code currently availab...