CVE-2022-41924 – tailscaled can be used to remotely execute code

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Wireguard VPN mesh-networks distributed-networking OAuth

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • tailscale

    The easiest, most secure way to use WireGuard and 2FA.

    [co-author of the research here]

    They actually approximate this functionality in the Windows implementation: It checks netstat to enforce that incoming TCP connections are from the expected Windows user! https://github.com/tailscale/tailscale/blob/2a991a3541ae5d56...

    That's why we were happy with the solution they implemented as a stopgap, until they could switch to named pipes (which there is now an open PR for).

  • hyprspace

    Discontinued A Lightweight VPN Built on top of IPFS + Libp2p for Truly Distributed Networks.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • wgsd

    A CoreDNS plugin that provides WireGuard peer information via DNS-SD semantics

    https://github.com/jwhited/wgsd does NAT traversal with Wireguard, but you need to operate a CoreDNS server to do it.

    More info on how it works: https://www.jordanwhited.com/posts/wireguard-endpoint-discov...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts