OpenVPN · OpenVPN · CVE-2016-6329
**Name of the Vulnerable Software and Affected Versions**
OpenVPN versions prior to the fixed version
**Description**
OpenVPN sessions that use a 64-bit block cipher can be exploited by remote attackers to obtain cleartext data via a birthday attack, specifically a "Sweet32" attack, against long-duration encrypted sessions. This can be demonstrated in an HTTP-over-OpenVPN session using Blowfish in CBC mode.
**Recommendations**
For OpenVPN versions prior to the fixed version, consider disabling the use of 64-bit block ciphers, such as Blowfish in CBC mode, until a patch is available. Restrict access to sensitive data transmitted over OpenVPN to minimize the risk of exploitation. As a temporary workaround, consider using alternative encryption methods that are not affected by the "Sweet32" attack.
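
To find where 64-bit block ciphers are still configured, the following added example (not part of the advisory and not OpenVPN project code) scans an OpenVPN configuration file for cipher directives naming one. The family list and prefix matching are assumptions based on the OpenSSL-style names OpenVPN uses; `ncp-ciphers`, `data-ciphers` and `data-ciphers-fallback` are OpenVPN directives not mentioned in the advisory, and the sample config is constructed.

```python
import re

# Assumption: cipher families with a 64-bit block, matched on the leading
# component of OpenSSL-style names such as BF-CBC or DES-EDE3-CBC.
SMALL_BLOCK_FAMILIES = {"BF", "DES", "DESX", "CAST5", "RC2", "IDEA"}
# Directives that name data-channel ciphers (values may be colon-separated).
CIPHER_DIRECTIVES = {"cipher", "ncp-ciphers", "data-ciphers", "data-ciphers-fallback"}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
# server.conf (constructed)
port 1194
proto udp
;cipher AES-256-CBC
cipher BF-CBC
data-ciphers AES-256-GCM:DES-EDE3-CBC
"""


def is_64bit_block(cipher_name):
    """True if the cipher name belongs to a 64-bit block family."""
    return cipher_name.upper().split("-", 1)[0] in SMALL_BLOCK_FAMILIES


def audit_config(text):
    """Return (findings, explicit): findings is a list of
    (line_no, directive, cipher); explicit is False when the file has no
    cipher directive at all, so the effective cipher is a version default."""
    findings, explicit = [], False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # OpenVPN treats both '#' and ';' as comment markers.
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(parts) < 2 or parts[0].lstrip("-") not in CIPHER_DIRECTIVES:
            continue
        explicit = True
        for name in parts[1].split(":"):
            if name and is_64bit_block(name):
                findings.append((line_no, parts[0].lstrip("-"), name))
    return findings, explicit


if __name__ == "__main__":
    found, explicit = audit_config(SAMPLE)
    for line_no, directive, name in found:
        print(f"line {line_no}: '{directive}' allows 64-bit block cipher {name}")
    if not explicit:
        print("no cipher directive set: check the default of the installed version")
```

A file with no cipher directive is reported separately because the cipher then depends on the installed version's default, which this script does not determine.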