Netgate Discussion Forum

    New OpenVPN attack demo'd at DEFCON

      gfeiner

      FYI. Seems dependent on compression being enabled.

      https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/

        jimp Rebel Alliance Developer Netgate

        Yep, that's been going around for the last week or so. We have disabled compression by default for new OpenVPN instances on 2.4.4. The good news is that it depends not only on compression being enabled, but also on the attacker being able to get the user to load plaintext they can predict (e.g. HTTP sites), and even then it can only get access to a little bit of data there like session info, and even then only on certain browsers (it doesn't work against Chrome). So it's a clever attack using classic TLS issues with compression, but the sky isn't exactly falling for most people.

        • https://www.netgate.com/docs/pfsense/releases/2-4-4-new-features-and-changes.html
        • https://redmine.pfsense.org/issues/8788
        • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Nafeez/

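A defender-side check for the precondition both posts name (compression being enabled), as an added example that is not part of the thread or Netgate's code: it scans an OpenVPN configuration for compression directives, including ones pushed to clients. The sample config is constructed, the function names are hypothetical, and the option values are those of OpenVPN 2.4's `comp-lzo` and `compress`.

```python
import shlex

# Values of OpenVPN 2.4's "compress" option that really compress payloads.
COMPRESSING = {"lzo", "lz4", "lz4-v2"}
# Values (or no value) that keep the compression framing but do not compress.
FRAMING_ONLY = {"", "stub", "stub-v2"}

def audit_compression(config_text):
    """Return [(line_no, directive, verdict)] for compression-related lines.
    verdict is "enabled", "framing-only" or "unknown"."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        if raw.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        try:
            tokens = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:                        # unbalanced quote: skip line
            continue
        prefix = ""
        if len(tokens) >= 2 and tokens[0] == "push":   # option sent to clients
            prefix, tokens = "push ", tokens[1].split()
        if not tokens or tokens[0] not in ("comp-lzo", "compress"):
            continue
        arg = tokens[1] if len(tokens) > 1 else ""
        if tokens[0] == "comp-lzo":
            # Bare comp-lzo means adaptive compression; only "no" turns it off.
            verdict = "framing-only" if arg == "no" else "enabled"
        elif arg in COMPRESSING:
            verdict = "enabled"
        elif arg in FRAMING_ONLY:
            verdict = "framing-only"
        else:
            verdict = "unknown"
        findings.append((line_no, prefix + " ".join(tokens), verdict))
    return findings

def compression_enabled(config_text):
    return any(v == "enabled" for _, _, v in audit_compression(config_text))

# Constructed sample server configuration (not taken from any real system).
SAMPLE = """\
# constructed sample
dev tun
proto udp
;comp-lzo yes
comp-lzo adaptive
push "compress lz4-v2"
compress
cipher AES-256-GCM
"""

if __name__ == "__main__":
    for finding in audit_compression(SAMPLE):
        print(finding)
```

A "framing-only" verdict means no payload compression is configured on that line, but a compressing setting could still be pushed later, so the pushed options need the same check.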