A researcher has revealed four dangerous bugs, among others, in OpenVPN that two recent audits of the VPN software's code failed to find.
The first vulnerability, CVE-2017-7521, is a set of issues in the extract_x509_extension function that attackers can use to crash a remote server and cause memory leaks.
If the x509-username-field configuration option is in use, a storage issue results in crashes, loops can be triggered by improper checking of strings and return values, and a naming issue causes memory leaks.
The second vulnerability, CVE-2017-7520, affects only users who connect to a Windows NTLM version 2 proxy through OpenVPN.
A man-in-the-middle (MITM) attack is possible, resulting in data leaks and potential surveillance — and as user passwords are stored in cleartext, the user may be compromised further.
Finally, another bug — with no CVE assigned — can cause a stack buffer overflow (memory corruption) if an overly long --tls-cipher option value is supplied.