Remote Authentication Bypass in OpenVPN by OpenVPN Technologies
CVE-2020-15078

7.5HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn
Vendor: CVE Published:; 26 April 2021

What is CVE-2020-15078?

OpenVPN versions 2.5.1 and earlier are susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to circumvent the authentication mechanism in environments where deferred authentication is configured. Exploiting this vulnerability could provide attackers with access to the control channel data, potentially leading to further information disclosure and unauthorized actions on the server.

Affected Version(s)

OpenVPN 2.5.1 and earlier versions

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://community.openvpn.net/openvpn/wiki/CVE-2020-15078

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2021
Vulnerability Reserved
Jun 25, 2020

Openvpn

What is CVE-2020-15078?

Affected Version(s)

References

CVSS V3.1

Timeline