Cryptography Expert to Audit OpenVPN

VPN service provider Private Internet Access has contracted cryptography expert Matthew Green to conduct a comprehensive audit of the open-source VPN application OpenVPN.

Green, who is a professor of computer science and researcher at Johns Hopkins University in Baltimore, was also involved in auditing the file and disk encryption software TrueCrypt as part of the Open Crypto Audit Project (OCAP).

The expert has been tasked with finding vulnerabilities in OpenVPN 2.4, which is currently a release candidate (rc1). Green will analyze the source code available on GitHub and the results will be compared to the final version of OpenVPN 2.4.

Private Internet Access will make the results of the audit public, but not before ensuring that OpenVPN patches the vulnerabilities discovered by Green.

“The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco AnyConnect,” explained Caleb Chen of Private Internet Access.

“Instead of going for a crowdfunded approach, Private Internet Access has elected to fund the entirety of the OpenVPN 2.4 audit ourselves because of the integral nature of OpenVPN to both the privacy community as a whole and our own company,” Chen added.

In the case of TrueCrypt, auditors determined that it does not contain any backdoors or severe design flaws, but the software’s anonymous developers decided to abandon the project before the completion of the audit.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
