i wanted to inform you causing a new possible attack called "Voracle" --> https://i.blackhat.com/us-18/Wed-August ... tworks.pdf --> https://www.bleepingcomputer.com/news/s ... nnections/ --> https://www.mail-archive.com/openvpn-de ... 16919.html whereby HTTP traffic can be recovered by sending it via encrypted VPN connections under certain conditions.
As far as i know there are 5 circumstances needed to decrypt the session key:
Quote from --> https://nordvpn.com/blog/voracle-attack/
- Attacker needs to be on the same network as you;
- You need to be using an HTTP connection;
- You need to be using a browser vulnerable to VORACLE (anything but Chrome);
- You need to visit a website that the hacker controls;
- You need to be using OpenVPN with compression engaged.