Michael Yonli

**Name of the Vulnerable Software and Affected Versions** tinc versions 1.0.30 through 1.0.34 **Description** The issue concerns a broken authentication protocol. Although there is a partial mitigation available, the problem is fully resolved in version 1.1. **Recommendations** For versions 1.0.30 through 1.0.34, update to version 1.1 to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tinc VPN versions 1.0.34 and earlier **Description** The issue concerns missing message authentication in the meta-protocol, allowing a man-in-the-middle attack to disable the encryption of VPN packets. **Recommendations** For Tinc VPN versions 1.0.34 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.