CVE-2020-15074

7.5HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 14 July 2020

Summary

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Affected Version(s)

OpenVPN Access Server 2.8.3 and prior versions in addition to 2.9.5

References

https://openvpn.net/vpn-server-resources/release-notes/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Jun 25, 2020