Cross-Site Request Forgery Vulnerability in OpenVPN Access Server
CVE-2013-2692

Currently unrated

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 13 May 2014

Summary

The OpenVPN Access Server before version 1.8.5 is susceptible to a cross-site request forgery (CSRF) vulnerability. This allows remote attackers to exploit the Admin web interface, enabling them to hijack administrator authentication and execute unauthorized requests, such as creating new administrative users without consent. Organizations using affected versions of OpenVPN Access Server should be aware of this security risk and consider updating to mitigate potential threats.

References

http://secunia.com/advisories/52802

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/93111

vdb-entryx_refsource_OSVDB

http://openvpn.net/index.php/access-server/download-openv...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 13, 2014
Vulnerability Reserved
Mar 26, 2013