Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

OpenVPN Desktop client affected by a critical CSRF flaw

Researchers at SEC Consult have discovered a CSRF vulnerability in the OpenVPN Desktop Client that can allow remote code execution. Security researchers at SEC Consult have discovered a CSRF flaw in the OpenVPN Desktop client and promptly reported it to the company in May. OpenVPN Desktop Client for its Access Server is an SSL VPN for a variety […]

OpenVPN Desktop client affected by a critical CSRF flaw

Researchers at SEC Consult have discovered a CSRF vulnerability in the OpenVPN Desktop Client that can allow remote code execution.

Security researchers at SEC Consult have discovered a CSRF flaw in the OpenVPN Desktop client and promptly reported it to the company in May. OpenVPN Desktop Client for its Access Server is an SSL VPN for a variety of platforms. The vulnerability only affects Windows versions of the application.

In response to the discovery, OpenVPN issued a security advisory to warn its customers of the presence of a Cross-Site Request Forgery (CSRF) vulnerability in its Desktop Client which could allow an attacker to execute arbitrary code remotely. 

“All Access Server customers using the ‘Desktop Client’ app for Windows should upgrade immediately to the OpenVPN Connect client.  The ‘Desktop Client’ is obsolete and is no longer maintained or available for download. This client contains a CSRF (Cross Site Request Forgery) vulnerability that can allow remote code execution by a malicious web site,” 

“It is also bundled with an older version of OpenSSL that has not received recent OpenSSL security updates.  This advisory only applies to the OpenVPN Access Server ‘Desktop Client’ app for Windows, and does not affect OpenVPN Connect, Private Tunnel, or community builds of OpenVPN for Windows.” OpenVPN reported in the advisory.

Experts at SEC Consult have verified that vulnerabilities affect OpenVPN Access Server “Desktop Client” version 1.5.6, which was the most recent version at the time of discovery. Also, any other versions of the product are affected by the flaw.

OpenVPN 2

OpenVPN is requesting its customers to update the Desktop Client to avoid attacks which exploit the CSRF flaw.

“Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server “Desktop Client” installed. Affected users should upgrade immediately to the OpenVPN Connect client.” the SEC Consult advisory states.

The attacker has to trick the user, running a vulnerable version of OpenVPN,  in to visit a malicious site.

“The OpenVPN Access Server ‘Desktop Client’ consists of two parts, a Windows service that offers an XML-RPC API via a webserver on localhost and a GUI component that connects to this API,” 

“The XML-RPC API is vulnerable to Cross-Site Request Forgery (CSRF). Using the API commands an attacker can: unmask a victim (e.g. by disconnecting an established VPN connection), perform MITM attacks (by connecting the victim to an ‘evil’ VPN server), execute arbitrary code with SYSTEM privileges (by adding a VPN profile that executes code).”

SEC Consult has provided a video proof of concept for the OpenVPN Access Server ‘Desktop Client’ vulnerability.

 

Pierluigi Paganini

Security Affairs –  (OpenVPN,CSRF )