1
Votes

OpenVPN server is reusing key and the old certificate is valid after new implementation.

 
1
Votes

OpenVPN server is reusing key and the old certificate is valid after new implementation.

OpenVPN server is reusing key and the old certificate is valid after new implementation.
OpenVPN server is reusing key and the old certificate is valid after new implementation.
Friday
Model: ER706W  
Hardware Version: V1
Firmware Version: 1.1.2 Build 20240726 Rel.77184(4555)

OpenVPN server is reusing key and the old certificate is valid after new implementation.

hvad I tried 

 

1) I deleted the implementation of my OpenVPN server.

2) I create a new instance of the OpenVPN server using the routers webpage.

3) I share my vpn users to use the new OpenVPN server (section vpn, users)

4) I then connected from my pc with the new OpenVPN file including the certificates and key. that worked fine.

5) however to my big surprise I then tried using my mobile phone, I forgot to update my OpenVPN configuration file and use the old one, to my big surprise I was also able to log on.

6) which for me means that  you are using the same key even though you create a new certificate pair moreover there is no check on the certificate used or simply the product is generating the same set each time.

 

 

I am very concerned ,  I expect a resolution asap this this not secure at all.

If you want to sell omada as SMB product then you need to make sure that basic security are implemented correct

 

Clive_A please send me a note when you have red my message

br

Trollen

 

#1
Options