forked from mirror/openwrt
7198ae4cf3
Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. This release also includes other bug fixes and improvements. Signed-off-by: Magnus Kroken <mkroken@gmail.com> |
||
|---|---|---|
| .. | ||
| config | ||
| ipv6 | ||
| services | ||
| utils | ||