Ylianst / MeshAgent

MeshAgent is used along with MeshCentral to remotely manage computers. Many variations of the background management agent are included as binaries in the MeshCentral project.
https://meshcentral.com

Current security state of the agent #214

Open mwllgr opened 10 months ago

mwllgr commented 10 months ago

Hello,

I'm starting to get a bit concerned about the MeshCentral agent - the last update was over a year ago.

As far as I can see, @krayon007 was the only one who really worked on the agent itself.
I assume that he also doesn't work at Intel anymore. A bit of information on the current state of this project would be greatly appreciated:

Screenshot_20231106_232729

marclaporte commented 10 months ago

There are commits: https://github.com/Ylianst/MeshAgent/commits/master

@mwllgr Can you help with time, code or money? https://github.com/Ylianst/MeshCentral/discussions/5540

mwllgr commented 10 months ago

Thanks for linking the donation/support thread and referencing the latest commits, @marclaporte. However, my focus for this thread was mainly on security. As this is the client part of the MeshCentral software suite, I think it is crucial to know whether it is secure to use with the current code base, the library versions used, etc.

As my knowledge of C (and JS in this case) is pretty limited, I'd appreciate some more feedback on that, especially regarding my questions - by someone who's able to at least tell which libraries/versions are used or similar. I think this would be extremely relevant for people that just use MeshCentral (and that's the vast majority).

marclaporte commented 10 months ago

I did a quick check and I found something:

The last OpenSSL update: https://github.com/Ylianst/MeshAgent/commit/9d38b7ea432244cb9f685c093be35d5f17a987ef

There have been some releases in that branch since: https://www.openssl.org/news/openssl-1.1.1-notes.html

But OpenSSL branch 1.1.1 is EoL anyways, so a major update would make sense. https://www.openssl.org/policies/releasestrat.html

Now, does this mean there is an exploitable issue? This is not trivial to answer.

Is there any way you can help?

Thanks!