Current security state of the agent #214
Comments
|
There are commits: https://github.com/Ylianst/MeshAgent/commits/master @mwllgr Can you help with time, code or money? |
mwllgr
changed the title
|
Thanks for linking the donation/support thread and referencing the latest commits, @marclaporte. However, my focus for this thread was mainly on security, as this is the client part of the MeshCentral software suite, I think it is crucial to know whether it is secure to use with the current code base and used library versions etc. As my knowledge of C (and JS in this case) is pretty limited, I'd appreciate some more feedback on that, especially regarding my questions - by someone who's able to at least tell which libraries/versions are used or similar. I think this would be extremely relevant for people that just use MeshCentral (and that's the vast majority). |
|
I did a quick check and I found something: The last OpenSSL update: 9d38b7e There have been some releases in that branch since: https://www.openssl.org/news/openssl-1.1.1-notes.html But OpenSSL branch 1.1.1 is EoL anyways, so a major update would make sense. Now, does this mean there is an exploitable issue? This is not trivial to answer. Is there any way you can help? Thanks! |
Hello,
I'm starting to get a bit concerned about the MeshCentral agent - the last update was over a year ago.
As far as I can see, @krayon007 was the only one who really worked on the agent itself.
I assume that he also doesn't work at Intel anymore. A bit of information on the current state of this project would be greatly appreciated:
The text was updated successfully, but these errors were encountered: