PT-2006-3198 · Openvpn+1 · Openvpn+1

Published: 2006-05-05 · Updated: 2020-05-12 · CVE-2006-2229

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.0.7 and earlier

Description: When OpenVPN is configured to use the --management option with an IP that is not 127.0.0.1, the management interface uses a cleartext password for TCP sessions. This allows remote attackers to potentially view sensitive information or cause a denial of service.

Recommendations: For OpenVPN versions 2.0.7 and earlier, consider disabling the --management option or restricting its use to the localhost IP (127.0.0.1) to minimize the risk of exploitation.
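
A defensive check for the recommendation above, as an added example that is not part of the original advisory or of the OpenVPN project: a Python script that scans an OpenVPN configuration for management directives bound to anything other than a literal loopback address. The sample configuration, its password-file path and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample config (not taken from the advisory).
SAMPLE_CONFIG = """\
# constructed example server config
port 1194
proto udp
;management 127.0.0.1 7505
management 192.0.2.10 7505 /etc/openvpn/mgmt.pw
management-hold
"""

def is_loopback(host):
    """True only for literal loopback IPs; hostnames are conservatively flagged."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_management(config_text):
    """Return one finding per 'management' directive bound off-loopback."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a directive we can judge
        # Config files may omit the leading "--" used on the command line.
        if len(tokens) < 3 or tokens[0].lstrip("-") != "management":
            continue
        host, port = tokens[1], tokens[2]
        if port == "unix":  # unix-socket form in later releases: no TCP listener
            continue
        if not is_loopback(host):
            findings.append({"line": lineno, "host": host, "port": port,
                             "password_file": tokens[3] if len(tokens) > 3 else None})
    return findings

if __name__ == "__main__":
    for f in audit_management(SAMPLE_CONFIG):
        print(f"line {f['line']}: management interface on {f['host']}:{f['port']} "
              f"(password file: {f['password_file']}); bind to 127.0.0.1 or remove")
```

A password file does not clear a finding, because the password itself crosses the TCP session in cleartext.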

Fix


Related identifiers

CVE-2006-2229

Affected products

Debian
Openvpn