Hacker News
by snom370 5758 days ago
Still, if OpenVPN drops packets lacking the HMAC packet authentication without processing them further, then either

1) the guy would also need the HMAC key, or 2) the zero-day is in the code that looks at the HMAC signature.

It's not that I only count on this for security, but it's a matter of reducing the attack surface. Likewise, I don't have passwordless guest accounts on all my servers, since that would make the attack surface even greater.
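The verify-before-parse ordering the comment relies on, as an added example that is not part of the original comment and is not OpenVPN's code. The packet layout (payload followed by an HMAC-SHA256 tag), the key and all names here are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size (assumed layout: payload || tag)


def fragile_parser(payload: bytes) -> bytes:
    """Stand-in for complex protocol code that might hide a bug."""
    if not payload or payload[0] != len(payload) - 1:
        raise ValueError("malformed payload")
    return payload[1:]


class HmacGate:
    """Drops any packet whose tag does not verify before the parser sees it."""

    def __init__(self, key: bytes, parser):
        self.key, self.parser = key, parser
        self.parsed = 0   # packets that reached the parser
        self.dropped = 0  # packets rejected by the gate

    def seal(self, payload: bytes) -> bytes:
        return payload + hmac.new(self.key, payload, hashlib.sha256).digest()

    def receive(self, packet: bytes):
        if len(packet) < TAG_LEN:
            self.dropped += 1
            return None
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        # Constant-time compare: this check is the only code exposed to
        # senders without the key (case 2 in the comment).
        if not hmac.compare_digest(tag, expected):
            self.dropped += 1
            return None
        self.parsed += 1
        return self.parser(payload)  # reachable only with the key (case 1)


def demo():
    gate = HmacGate(b"constructed-demo-key", fragile_parser)  # constructed key
    good = gate.seal(bytes([5]) + b"hello")
    tampered = bytearray(good)
    tampered[1] ^= 0x01                           # flip one payload bit
    forged = bytes([5]) + b"hello" + bytes(TAG_LEN)  # all-zero tag, no key
    result = gate.receive(good)
    for pkt in (bytes(tampered), forged, b"x"):
        gate.receive(pkt)
    return result, gate.parsed, gate.dropped
```

Only the packet sealed with the key reaches `fragile_parser`; the tampered, forged and truncated packets are counted as dropped without the parser running.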