Remote Authentication Bypass in OpenVPN by OpenVPN Technologies
CVE-2020-15078

7.5HIGH

Key Information:

Vendor
Openvpn
Status
Openvpn
Vendor
CVE Published:
26 April 2021

Summary

OpenVPN versions 2.5.1 and earlier are susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to circumvent the authentication mechanism in environments where deferred authentication is configured. Exploiting this vulnerability could provide attackers with access to the control channel data, potentially leading to further information disclosure and unauthorized actions on the server.

Affected Version(s)

OpenVPN 2.5.1 and earlier versions

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.