PQConnect Audit Findings

Security audit of PQConnect, a post-quantum VPN that authenticates and encrypts traffic between hosts using McEliece and X25519. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 4 -- High: 1, Medium: 3

Findings

Handshake and peer management

| # | Finding | Severity |
|---|---------|----------|
| 001 | Ephemeral key responses ignore UDP source | Medium |
| 002 | Unauthenticated fail packet removes active peer | Medium |

0-RTT replay protection

| # | Finding | Severity |
|---|---------|----------|
| 003 | Timestamp-keyed replay cache forgets same-second ciphertexts | High |

Cookie management

| # | Finding | Severity |
|---|---------|----------|
| 005 | Forged cookie checks exhaust epoch nonce counter | Medium |