easyvpn icon indicating copy to clipboard operation
easyvpn copied to clipboard

Published 20 hours ago verified publisher icon rodrigogs

Security issues

Open ghost opened this issue 8 years ago • 2 comments
trafficstars 

Differently from autovpn, this tool is able to run on Windows. Instead of executing sudo directly from the code, this tool leaves the task up to the user, so it is suposed to work on any platform.
  • You download a file over HTTP
  • This file is then piped straight into a file
  • This file is then fed into OpenVPN running as root

So pretty much, if the remote host wanted to, they could run arbitrary commands on your host, as root.

You can provide script-security 2 inside the configuration file which will result in execution of binaries and other scripts inside the configuration file

¯\(ツ)

ghost avatar Jan 27 '17 11:01 ghost

I'll try to make it happen as soon as I can. Also, pull requests are very welcome :)

rodrigogs avatar Jan 27 '17 11:01 rodrigogs

@Chnkr I'd appreciate some help with this configuration, if you may.

rodrigogs avatar Jan 27 '17 14:01 rodrigogs