Add a conclusion to OpenVPN article
This commit is contained in:
parent
f23f0eae27
commit
c363e84b96
|
@ -215,6 +215,17 @@ Unfortunately, it turns out that especially for the `AUTH_FAILED` control channe
|
|||
If 2FA is implemented using the script mechanism sending custom messages they easily end with a newline asking the client to enter the verification code.
|
||||
I believe in 2.6.12 the client tolerates trailing newline characters.
|
||||
|
||||
## Conclusion
|
||||
|
||||
The first bug, the timer rescheduling bug, is at least 20 years old!
|
||||
It hasn't always been exploitable, but the bug itself goes back as far as the git history does.
|
||||
I haven't attempted further software archeology to find the exact time of introduction.
|
||||
Either way, it's old and gone unnoticed for quite a while.
|
||||
|
||||
I think this shows that diversity in implementations is a great way to exercise corner cases, push forward (protocol) documentation efforts and get thorough code review by motivated peers.
|
||||
This work was funded by [the EU NGI Assure Fund through NLnet](https://nlnet.nl/project/MirageVPN/).
|
||||
In my opinion, this shows that funding one open source project can have a positive impact on other open source projects, too.
|
||||
|
||||
<!-- XXX: contact assumes reynir.dk -->
|
||||
[robur]: https://robur.coop/
|
||||
[miragevpn-server]: https://blog.robur.coop/articles/miragevpn-server.html
|
||||
|
|
Loading…
Reference in a new issue