LDAP Authentication Bypass in OpenVPN Access Server by OpenVPN
CVE-2020-8953

9.8CRITICAL

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 13 February 2020

Summary

OpenVPN Access Server versions prior to 2.8.1 have a vulnerability that allows an attacker to bypass LDAP authentication. This issue arises when a user is not enrolled in two-factor authentication, leaving them susceptible to unauthorized access. It's critical for administrators to upgrade to the latest version to mitigate the risk associated with this vulnerability.

References

https://openvpn.net/security-advisories/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2020
Vulnerability Reserved
Feb 12, 2020