OpenVPN Connect Addresses Critical Vulnerability Exposing Keys
/ 1 min read
🔑 OpenVPN Connect patches critical vulnerability exposing user private keys. A serious security flaw (CVE-2024-8474) in OpenVPN Connect, affecting versions prior to 3.5.0, could have allowed attackers to access users’ private keys and decrypt VPN traffic. This vulnerability, which has the potential to compromise millions of users, was discovered in the app’s logging system, where private keys were stored in clear text. OpenVPN Connect, with over 10 million downloads, does not provide VPN services directly but connects users to external servers. Users are strongly advised to update to version 3.5.1 to mitigate this risk, review their logs for suspicious activity, and consider changing their VPN credentials as a precaution.
Source

Original