OpenVPN · OpenVPN Connect · CVE-2022-3761
**Name of the Vulnerable Software and Affected Versions**
OpenVPN Connect versions before 3.4.0.4506 (macOS)
OpenVPN Connect versions before 3.4.0.3100 (Windows)
**Description**
The vulnerability stems from errors in the certificate authentication procedure that allow a remote attacker to perform a man-in-the-middle attack. The attacker can then intercept configuration profile download requests, which may contain user credentials.
**Recommendations**
For OpenVPN Connect versions before 3.4.0.4506 (macOS), update to version 3.4.0.4506 or later.
For OpenVPN Connect versions before 3.4.0.3100 (Windows), update to version 3.4.0.3100 or later.
As a temporary workaround, consider restricting access to sensitive configuration profiles until a patch is applied.
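
To find which installs still need the update, the version thresholds above can be applied to a software inventory. The following is an added example, not part of the original advisory or any OpenVPN tooling; it assumes an inventory export of (host, platform, version) rows with four-part dotted versions, and the host names and sample versions are constructed.

```python
import re

# First fixed builds per platform, taken from the advisory above.
FIXED_BUILD = {
    "windows": (3, 4, 0, 3100),
    "macos": (3, 4, 0, 4506),
}

_VERSION_RE = re.compile(r"\d+(\.\d+){3}")


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None for any other form."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one install."""
    fixed = FIXED_BUILD.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        # Platform not named in the advisory, or version unreadable: review by hand.
        return "unknown"
    # Tuples compare numerically field by field, so 3.10.0.1 sorts after
    # 3.4.0.4506; a plain string comparison would get that wrong.
    return "vulnerable" if parsed < fixed else "fixed"


def triage(inventory):
    """Map each host name to its status."""
    return {host: classify(platform, version) for host, platform, version in inventory}


# Constructed inventory rows (host, platform, reported version); not real data.
SAMPLE_INVENTORY = [
    ("lt-001", "Windows", "3.3.6.2752"),
    ("lt-002", "Windows", "3.4.0.3100"),
    ("lt-003", "Windows", "3.4.0.3500"),
    ("mb-004", "macOS", "3.4.0.4505"),
    ("mb-005", "macOS", "3.10.0.1"),
    ("lt-006", "Windows", "3.4.0"),
    ("px-007", "Linux", "3.4.0.4506"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are not cleared; they need a manual check because the platform is outside the advisory's scope or the version string could not be parsed.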