This project: https://github.com/FiloSottile/Heartbleed (which I have contributed to) allows you to check any STARTTLS-based service (POP/IMAP/SMTP/etc). I am not sure what would need to be changed for OpenVPN.
- Y On Fri, Apr 11, 2014 at 9:57 AM, Tim Nelson <[email protected]> wrote: > Greetings- > > Hot on the heels of the OpenSSL debacle, and a fresh new release of > pfSense (THANK YOU), I'm curious about the Heartbleed vulnerabilitie's > actual surface attack area. All of the relevant information, reports, and > PoC's are pointing at exploit only via an affected HTTPS webserver. > However, I have not yet seen any PoC for exploiting other SSL based > services, specifically OpenVPN. > > At this time, are there PoC's for Heartbleed and OpenVPN? I understand > regardless the upgrade/patch is needed, but curious to know if an exploit > is yet in the wild for OpenVPN (TCP or UDP, using PKI or even static keys). > > Thanks! > > --Tim > > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
