V2Ray has received a security audit from 7ASecurity #3096
xiaokangwang
started this conversation in
General
Replies: 2 comments 3 replies
-
"V2R-01-007 WP1/2: Possible V2Ray DoS via JA3 Fingerprints" It should be rephrased as "Possible V2Ray fingerprinting vector via JA3 fingerprints" to remedy confusion regarding "DoS". V2Ray is not a VPN btw |
Beta Was this translation helpful? Give feedback.
1 reply
-
That's great. It's a pity that they did not discover some notable known issues in the community, e.g. X-Forwarded-For spoofing #1037, DoS attack #2783, and SOCKS authentication bypass. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
V2Ray's primary code base v2ray-core has recently received a code audit from 7ASecurity, funded by OTF.
https://www.opentech.fund/security-safety-audits/v2ray-security-audit/
OR
V2R-01-V2Ray-Audit-Public-RC1.1.pdf
This security audit concluded that V2Ray had no exploits or any other critical flaws that could lead to the compromise of the host system. The other medium or minor issues we received have either been fixed or are in the process of requesting them to be fixed by upstream projects.
We would like to thank 7ASecurity for their excellent work at reviewing the code base and providing valuable feedback, and OTF for funding this code review(We are not aware of how much it costs OTF to conduct this code review).
Beta Was this translation helpful? Give feedback.
All reactions