CVE-2018-7544 (OpenVPN server warning)

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
clueo8
DD-WRT Novice


Joined: 17 Oct 2016
Posts: 20
PostPosted: Wed May 30, 2018 12:32    Post subject: CVE-2018-7544 (OpenVPN server warning) Reply with quote
I recently upgraded my R7000 to DD-WRT v3.0-r36000M kongac ( 05/24/18 ) and noticed this new warning in the openvpn log:

Quote:
WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure


Appears to be something new in Openvpn 2.4.6, related to the management interface which is used under the ddwrt status > openvpn so we can view logs and connected clients...

Is this really something to worry about? Is there a way to have ddwrt's status page use a socket instead of a TCP connection or can we set a password for the management interface to use?

https://community.openvpn.net/openvpn/wiki/CVE-2018-7544 - It seems that the developers of openvpn are disputing this as an actual vulnerability...
Back to top View user's profile Send private message
Sponsor
clueo8
DD-WRT Novice


Joined: 17 Oct 2016
Posts: 20
PostPosted: Mon Jun 04, 2018 13:56    Post subject: Reply with quote
Thanks for confirming, I didn't think it was that big of a deal either. This should help others come to the same conclusion.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum