HIGH🇬🇧 English

CVE-2020-15074

CVSS 7.5v3.1pub. 2020-07-14upd. 2024-11-21

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Openvpn Access Server

    APP
    Openvpn
    < 2.8.42.9.0 – 2.9.6 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
VPN
CWE
Referencje

Powiązane podatności

CVE-2023-46850CRITICAL9.8ten sam produkt

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...

CVE-2020-8953CRITICAL9.8ten sam produkt

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in ...

CVE-2023-46849HIGH7.5ten sam produkt

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker ...

CVE-2021-4234HIGH7.5ten sam produkt

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a...

CVE-2022-33737HIGH7.5ten sam produkt

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and be...