Some OpenVPN configuration files may sneak malware to your PC

Madeleine Dean By: Madeleine Dean
2 minute read
openvpn config file security vulnerability

Home » VPN » Some OpenVPN configuration files may sneak malware to your PC

If you installed OpenVPN on your computer, then you should really read this piece of news. Recent reports confirmed that certain OpenVPN config files may be dangerous, opening the gate for malware to enter your Windows computer.

As a quick reminder, OpenVPN configuration files are used to run a series of VPN connection instructions, such as: what crypto solution to use, which remote servers to connect to, what protocols to use, and so on. There is an important command in the OpenVPN config file that allows users to any binary script. This could lead to hackers generating reverse shells that are very hard to spot.

In other words, attackers can direct OpenVPN traffic to one particular IP address and then use it to run commands on the remote computer using the specially crafted OpenVPN configuration file.

In a blog post on Medium, Jacob Baines offers further details about this issue:

Using untrusted ovpn files is dangerous. You are allowing a stranger to execute arbitrary commands on your computer. Some OpenVPN compatible clients like Viscosity and Ubuntu’s Network Manager GUI disable this behavior. However, after a long discussion with security@openvpn.net, it does not seem like this behavior will ever be removed from OpenVPN proper. As such, unless you know how to read ovpn files, I suggest you be very wary about the configuration files you are using.

So, if you’re using OpenVPN, the best solution is to simply avoid downloading config files. You can also switch to an alternative VPN solution. We recommend installing Cyberghost, one of the best VPN software in the world. Follow the link available below to get at a discounted price.

Why choose CyberGhost?
cyberghost vpn for windows logo
  • 256-bit AES encryption
  • Over 3000 servers worldwide
  • Great price plan
  • Excellent support

Discussions

Next up

Player Unknown’s Battlegrounds is down worldwide

Madeleine Dean By: Madeleine Dean
Less than a 1 minute read

Player Unknown’s Battlegrounds is down for thousands of users worldwide. So, if you can’t join PUBG’s servers, rest assured, the issues is not on your […]

Continue Reading

How to use Google Photos in Windows 10

Ivan Jenic By: Ivan Jenic
4 minute read

Microsoft promotes its in-house Photos app as the best possible solution for storing your photos in Windows 10. While Microsoft’s is indeed a very solid […]

Continue Reading

The referenced account is currently locked out [WINDOWS 10 FIX]

Andrew Wafer By: Andrew Wafer
3 minute read

Are you having problems while trying to log in to your Microsoft account? In that case, you will most likely receive the following alert: ‘The […]

Continue Reading