Posted: Wed May 30, 2018 12:32 Post subject: CVE-2018-7544 (OpenVPN server warning)
I recently upgraded my R7000 to DD-WRT v3.0-r36000M kongac ( 05/24/18 ) and noticed this new warning in the OpenVPN log:
Quote:
WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Appears to be something new in OpenVPN 2.4.6, related to the management interface, which is used under DD-WRT's Status > OpenVPN page so we can view logs and connected clients...
Is this really something to worry about? Is there a way to have DD-WRT's status page use a socket instead of a TCP connection, or can we set a password for the management interface to use?
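Added example, not part of the original post and not DD-WRT's own code: a small checker that reads an OpenVPN config and reports whether its `management` directive is in the state the warning describes (TCP port, no password file). It relies on the documented directive forms `management IP port [pw-file]` and `management socket-name unix [pw-file]`; the port number and file paths in the sample configs are constructed, and whether DD-WRT's status page can talk to a unix socket is not something this example assumes.

```python
import ipaddress

def audit_management(config_text):
    """Classify the last 'management' directive found in an OpenVPN config."""
    result = {"transport": None, "password": False, "loopback": None, "warns": False}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        tokens = line.split()
        if tokens[0].lstrip("-") != "management" or len(tokens) < 3:
            continue
        target, second = tokens[1], tokens[2]
        has_pw = len(tokens) > 3               # optional pw-file argument
        if second == "unix":
            # Unix domain socket: access is governed by filesystem permissions.
            result = {"transport": "unix", "password": has_pw,
                      "loopback": None, "warns": False}
        else:
            try:
                loopback = ipaddress.ip_address(target).is_loopback
            except ValueError:                 # hostname rather than an IP literal
                loopback = target == "localhost"
            # TCP without a password file is the case the log warning flags.
            result = {"transport": "tcp", "password": has_pw,
                      "loopback": loopback, "warns": not has_pw}
    return result

# Constructed sample configs (port and paths are hypothetical).
TCP_NO_PW = "port 1194\nproto udp\nmanagement 127.0.0.1 7505\n"
TCP_WITH_PW = "management 127.0.0.1 7505 /tmp/openvpn/mgmt.pw\n"
UNIX_SOCK = "# local only\nmanagement /tmp/openvpn/mgmt.sock unix\n"
TCP_EXPOSED = "management 0.0.0.0 7505\n"

if __name__ == "__main__":
    for name, cfg in [("tcp, no password", TCP_NO_PW),
                      ("tcp, password file", TCP_WITH_PW),
                      ("unix socket", UNIX_SOCK),
                      ("tcp, all interfaces", TCP_EXPOSED)]:
        print(f"{name:22} {audit_management(cfg)}")
```

The `loopback` field separates a listener bound to 127.0.0.1, reachable only by processes on the router itself, from one bound to an address other hosts can reach.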