VikingVPN is Immune to New OpenSSL Crypto Bypass Flaw

There is new OpenSSL vulnerability notice circulating the web. It is known as the "crypto bypass" flaw. This flaw allows a man-in-the-middle attacker to decrypt information between a client and a server.

VikingVPN is immune to this attack because of our use of the HMAC firewall feature built into OpenVPN. It is not possible to establish a man-in-the-middle attack because the client and server both will drop all network traffic received from outside sources.

We have already updated our servers to close the flaw, but the impact to our users is nil. There will likely be another version of OpenVPN posted on the official site to close the vulnerability, as it uses an integrated OpenSSL 1.0.1 library that is vulnerable in certain configurations (again, not ours).

The updated version of the OpenVPN client will be located at: http://openvpn.net/index.php/download/community-downloads.html

This page will be updated if there are any new developments on the Crypto Bypass flaw.

< last
next >