Comodo TrustConnect and Heartbleed.

More recently has been found highly critical vulnerability in OpenSSL. Following the publication of this vulnerability had been released very quickly fix for OpenSSL.Comodo TrustConnect also uses libraries OpenSSL, but he does not think updated. How to notify developers that they have updated as soon as possible TrustConnect?

Himself had to rectify the situation.
As is known TrustConnect based on open source project OpenVPN. So download the latest version
openvpn-install-2.3.3-I002-i686.exe or openvpn-install-2.3.3-I002-x86_64.exe (depending on the bit your operating system), where this vulnerability persists.
OpenVPN installer then open the program 7-zip and extract it to a separate folder files libeay32.dll, liblzo2-2.dll, libpkcs11-helper-1.dll, openssl.exe, ssleay32.dll, openvpn.exe.
Rename ssleay32.dll in libssl32.dll and openvpn.exe in TrustConnect.exe. After that, all the files in this folder is moved to the folder C:\Program Files\COMODO\TrustConnect\bin (for x86_32 system ) with the replacement of the original files.
Again open the OpenVPN distribution program 7-zip and extract the folder $TEMP file
tap-windows.exe (this installer TAP adapter) .
Run as administrator tap-windows.exe file and select the folder
C:\Program Files\COMODO\TrustConnect to install it in the adapter driver. After installation is complete, reboot your system and you can continue working in TrustConnect. Our problem is solved.

[attachment deleted by admin]

As is known TrustConnect based on open source project OpenVPN.
i did not know !

interesting because a lot of vpn work with openvpn so have they updated their tool ?
have i to follow your how-to for my soft (it is not trust connect) ?
is my vpn compromised ?

I think that is created using this statement follows VPN fully trusted by the user, as it is used only signed a valid digital signature project OpenVPN dynamic libraries and executables.

Excuse me for my English and possible misunderstandings, since Google Translate is still far from perfect.

I can’t say for other VPN clients.


If your VPN client uses an outdated version of OpenSSL, your VPN connection can be compromised

Thx Fyord.
i compare the version now (2.3.3-1001).

I wonder how long we have to wait for the Comodo deigns to release the latest version TrustConnest, reissue their certificate. People know that your vpn connection is not secure now by listening and if you are using in their activities secret data, you can compromise them.

Successful private key extraction from OpenVPN using Heartbleed.


it is _only_trust connect - the other vpn are not concerned with this topic

This applies to all Vpn services based on OpenVPN, so this applies to TrustConnect.

i have had a different answer _ - at the beginning of this topic and on other forum - are we speaking about the same thing ?
i am speaking about a new version of vpn so patched-not vulnerable at this break recommended for trustconnect.
openvpn-install-2.3.3-I002-i686.exe or openvpn-install-2.3.3-I002-x86_64.exe
if you are right ; i must install the latest version but i do not know if my vpn will work after … i will open a ticket for this question on the vpn site that i am using … hoping a clear answer willl come from them also.
Thx Fyord.


ok _some confusion with this subject
it applies to all Vpn services based on OpenVPN but mine has yet done the necessary _ so i am not concerned except for tap-windows (if i do not confuse one more again ! :embarassed:).

Thx Fyord _ :wink:

Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs.

heartbleed is a success and another will come … is it a war against privacy ? or only a technical review ?

Thanks to Fyord for the do-it-yourself OpenVPN/TC update. However, I have to wonder why Comodo isn’t doing this for a product they charge about USD100/year to use (well, admittedly it’s the servers we pay for, not the client…).

TC Client hasn’t been updated since Aug. 2011, if the code signing time stamp is to be believed. That’s amazingly lame for a security product

From Comodo’s perspective, USD 100 is a pretty good annual fee for a consumer product. Are TC’s customers so few, we’re just not worth bothering with? They still advertise (and sell) “WiFi Trustconnect” Presumably, that’s the same product.