My $0.02¢: Moderately worried, I should think.
This CVE came through official sources, so the devs had it before the hackers, and hackers can only start coding once they are informed. I trust nobody was stupid enough to publish exploit source code.
OTOH, this apparently isn't the sort of thing that can be sorted with a quick patch to some file, which would be uploaded in a week. This seems more in the nature of highlighting a weakness of VPNs as they stand structurally, requiring more attention, and perhaps re-jigging the structure. Compatibility between systems also may be an issue.
I imagine this exploit isn't trivial to write, so the longer it goes unpatched, the bigger the danger of this being exploited. So if you're paranoid, worry more next month than you do this month. I'm not paranoid, so I don't care. I gather Tor hasn't been cracked yet, although folks are trying. I imagine nobody is trying harder than Tor itself.
|