RCC users who are using NoMachine v4 to connect to Spear should upgrade to the latest version as soon as possible to fix a security vulnerability.

NoMachine is our recommended client for connecting to Spear. The developers have recently issued the following press release:

An injection vulnerability has been found in OpenSSL’s ChangeCipherSpec processing making it possible for malicious third parties to force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and even modify traffic from the attacked client and server (CVE-2014-0224).

All NoMachine 4 users are strongly invited to update their client and server installations to [the latest] release, 4.2.25. Users of 3.5.0 are not affected.

Read more or Download the latest client.