OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NOpenvpn Access Server
APPOpenvpn< 2.8.42.9.0 – 2.9.6 (bez)
Powiązane podatności
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or rem...
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in ...
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker ...
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a...
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and be...