tmcphee / cyberghostvpn

CyberGhost VPN Client
GNU Affero General Public License v3.0

Cyberghostvpn linux client version with vulnerabilities #4

Closed: mmmds closed this issue 8 months ago

mmmds commented 1 year ago

CyberGhostVPN Linux client 1.3.4 has vulnerabilities. Version 1.4.1 has them fixed. Reference: https://mmmds.pl/cyberghostvpn-mitm-rce-lpe/

tmcphee commented 1 year ago

I'm aware of the vulnerabilities of CyberGhostVPN Linux client 1.3.4. This is the only working version CyberGhost has with working WireGuard. All other versions continuously drop connection or don't connect at all. I will keep monitoring CyberGhost for when the issue is resolved and update to the latest version.

moormaster commented 9 months ago

I tried to file a support ticket at cyberghostvpn to get this issue fixed. After a long correspondence the only conclusive answer I got is:

"Upon further investigation it seems that our colleagues are currently in the process of implementing upgrades, this being the reason that Wireguard is not working.

However, as we do not have an estimated time for the process, until then, we can recommend you to use a configuration through OpenVPN."

Unfortunately, connecting using the WireGuard protocol using the most recent Linux client provided by cyberghostvpn is not possible either, since they are trying to reach a server with certificate pinning - but failed to include the public key for the certificate in the Linux client and also failed to keep their SSL certificate renewed on the server side. :(

tmcphee commented 9 months ago

Thanks for taking the time to reach out to support trying to figure that out. I've tried contacting support myself over the year, and they told me to use another OS (Windows) or OpenVPN. I've tried all Linux distributions they have listed as supported with no luck. Hopefully, CyberGhost will come around to fix the issue.