Openvpn attaque possible via la compression (corrigée).
Message posté… : 14 avr. 2019, 17:37
Une news qui est passée à travers mes radars et pourtant j'utilise Openvpn en tant que serveur...
Source: https://community.openvpn.net/openvpn/wiki/VORACLE
Solution en fin de page du wiki en fonction du client utilisé.Security researcher Ahamed Nafeez has presented a new attack vector which targets VPN tunnels which utilizes compression, named VORACLE. The attack vector bears similarities to the CRIME and BREACH attacks, which hit especially HTTPS based connections.
The crux of this attack is the compression feature OpenVPN has had support for since the early OpenVPN v1.x days, in various ways. The compression feature is being enabled when you use one of the following configuration options:
Source: https://community.openvpn.net/openvpn/wiki/VORACLE