Weak Encryption in Easy-RSA Versions by OpenVPN
CVE-2024-13454

5.3MEDIUM

Key Information:

Vendor: Openvpn
Status: Easy-rsa
Vendor: CVE Published:; 20 January 2025

Summary

The vulnerability involves a weak encryption algorithm present in Easy-RSA versions from 3.0.5 to 3.1.7. This flaw allows local attackers to more easily bruteforce the private Certificate Authority (CA) key generated using OpenSSL 3, potentially compromising the security framework of key management within the OpenVPN ecosystem.

Affected Version(s)

Easy-RSA 3.0.5 <= 3.1.7

References

https://community.openvpn.net/openvpn/wiki/CVE-2024-13454

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2025
Vulnerability Reserved
Jan 16, 2025