OpenVPN Management Interface Vulnerability in OpenVPN Products
CVE-2006-2229

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn; Openvpn Access Server
Vendor: CVE Published:; 5 May 2006

Summary

An issue in OpenVPN versions 2.0.7 and earlier allows the use of the --management option with a non-loopback IP address, resulting in the transmission of cleartext passwords over TCP sessions to the management interface. This flaw may expose sensitive information to remote attackers, potentially leading to unauthorized access or denial of service. Properly configuring management options and utilizing secure connections is critical to mitigate associated risks.

References

http://openvpn.net/man.html

x_refsource_MISC

http://www.securityfocus.com/archive/1/433000/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/432867/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 5, 2006
Vulnerability Reserved
May 5, 2006