Weak Random Generator in OpenVPN Access Server Web Portal
CVE-2022-33738

7.5HIGH

Key Information:

Vendor: Openvpn
Status: Openvpn Access Server
Vendor: CVE Published:; 6 July 2022

What is CVE-2022-33738?

OpenVPN Access Server prior to version 2.11 utilizes a weak random number generator for generating user session tokens within its web portal. This vulnerability can potentially expose user session information, compromising the security of sessions and enabling session hijacking. Users of OpenVPN Access Server are advised to upgrade to mitigate risks associated with this vulnerability.

Affected Version(s)

OpenVPN Access Server until 2.11

References

https://openvpn.net/vpn-server-resources/release-notes/#o...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2022
Vulnerability Reserved
Jun 15, 2022

Openvpn

What is CVE-2022-33738?

Affected Version(s)

References

CVSS V3.1

Timeline