Critical OpenVPN Connect Vulnerability Leaks Private Keys

Summary: OpenVPN Connect has patched a critical vulnerability (CVE-2024-8474) that could have exposed users’ private keys and decrypted their VPN traffic, affecting millions of users. Users are urged to update to version 3.5.1 to mitigate this risk.

Threat Actor: Malicious actors | malicious actors
Victim: OpenVPN Connect users | OpenVPN Connect users

Key Point :

  • Vulnerability allowed logging of private keys in clear text, risking user data security.
  • Over 10 million downloads on Google Play Store highlight the app’s popularity and potential impact.
  • Users should update to version 3.5.1, check logs, and change VPN credentials as a precaution.
  • Staying vigilant and keeping software updated is crucial for ongoing security.

Source: https://securityonline.info/cve-2024-8474-openvpn-connect-vulnerability-leaks-private-keys/