Quarkslab was hired by the Open Source Technology Improvement Fund to assess the security of OpenVPN 2.4.0.0. Audit focused on code and cryptography assessment. Issues were reported to the OpenVPN team and have been fixed. The full report is made available on this blog post. Findings only the main issues with a security impact are reported here. Backward compatibility weakens encryption and authentication. The audit included Linux and Windows versions of the project’s OpenVPN for Android.”]
Source: https://blog.quarkslab.com/security-assessment-of-openvpn.html