OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
The original article can be found at: https://sweet32.info/
The information has been provided by Karthikeyan Bhargavan.
A vulnerability was reported in OpenVPN. A remote user can decrypt transmitted data in certain cases.
A remote user who can monitor the network and capture a long-duration Blowfish CBC-mode encrypted TLS session, over which some amount of known plaintext is communicated, can recover some plaintext in certain cases.
Over the duration of a long-lived connection, a cipher block collision may occur, allowing the remote user to recover the exclusive OR of the two plaintext blocks. If the communications protocol sends a fixed plaintext portion repeatedly and also sends some amount of known plaintext, the remote user can recover the secret plaintext.
The attack method is known as a SWEET32 attack.
64-bit block ciphers, such as 3DES and Blowfish, are affected by this type of attack.
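The collision property described above, as an added example that is not part of the original advisory or of OpenVPN: it shows why two equal CBC ciphertext blocks reveal the XOR of their plaintext blocks, and how much data a key can protect before that is expected. The 16-bit toy permutation, the seeds and all function names are assumptions chosen so the effect appears within a few thousand blocks; the sample plaintext is constructed.

```python
import random

BLOCK_BITS = 16          # toy size (assumption) so collisions show up fast; Blowfish/3DES use 64
N = 1 << BLOCK_BITS

def make_toy_cipher(seed):
    """Keyed random permutation of all 16-bit blocks, standing in for a real block cipher."""
    table = list(range(N))
    random.Random(seed).shuffle(table)
    return table

def cbc_encrypt(perm, iv, blocks):
    """CBC mode: C_i = E(P_i xor C_{i-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for p in blocks:
        prev = perm[p ^ prev]
        out.append(prev)
    return out

def find_collisions(iv, ct):
    """Return (i, j, leak) for repeated ciphertext blocks C_i == C_j, i < j.
    E is a permutation, so equal outputs mean equal inputs:
    P_i xor C_{i-1} == P_j xor C_{j-1}, hence leak = C_{i-1} xor C_{j-1} = P_i xor P_j."""
    chain = [iv] + ct                 # chain[k] is the block preceding ct[k]
    first_seen, hits = {}, []
    for j, c in enumerate(ct):
        if c in first_seen:
            i = first_seen[c]
            hits.append((i, j, chain[i] ^ chain[j]))
        else:
            first_seen[c] = j
    return hits

def birthday_volume_bytes(block_bits):
    """Birthday bound: collisions become probable around 2^(n/2) blocks under one key."""
    return (1 << (block_bits // 2)) * (block_bits // 8)

def demo(seed=1, n_blocks=2000):
    """Encrypt constructed random plaintext and list the collisions an observer would see."""
    rng = random.Random(seed + 1)
    plaintext = [rng.randrange(N) for _ in range(n_blocks)]
    iv = rng.randrange(N)
    ct = cbc_encrypt(make_toy_cipher(seed), iv, plaintext)
    return plaintext, find_collisions(iv, ct)

if __name__ == "__main__":
    pt, hits = demo()
    for i, j, leak in hits[:3]:
        print(f"C[{i}] == C[{j}]: leak={leak:04x}  P[{i}]^P[{j}]={pt[i] ^ pt[j]:04x}")
    print("64-bit block:", birthday_volume_bytes(64) // 2**30, "GiB at the birthday bound")
```

The same arithmetic puts a 128-bit block cipher at 2^68 bytes per key, so the practical levers for a defender are the block size of the negotiated cipher and how much data is sent before rekeying.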