CVE-2020-15078
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Affected (10)
Show all products
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 32 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 18.04 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.0 |
Related CWEs
CWE-305
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
References (16)
Source: security@openvpn.net
PatchVendor Advisory
Source: security@openvpn.net
Broken Link
Source: security@openvpn.net
Mailing ListThird Party Advisory
Source: security@openvpn.net
Source: security@openvpn.net
Source: security@openvpn.net
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.