skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

OpenVPN Connect Addresses Critical Vulnerability Exposing Keys

/ 1 min read

🔑 OpenVPN Connect patches critical vulnerability exposing user private keys. A serious security flaw (CVE-2024-8474) in OpenVPN Connect, affecting versions prior to 3.5.0, could have allowed attackers to access users’ private keys and decrypt VPN traffic. This vulnerability, which has the potential to compromise millions of users, was discovered in the app’s logging system, where private keys were stored in clear text. OpenVPN Connect, with over 10 million downloads, does not provide VPN services directly but connects users to external servers. Users are strongly advised to update to version 3.5.1 to mitigate this risk, review their logs for suspicious activity, and consider changing their VPN credentials as a precaution.

Source
{entry.data.source.title}
Original