Name of the Vulnerable Software and Affected Versions plasma-applet-nm (affected versions not specified)

Description The issue concerns a lack of server certificate verification in plasma-nm when using OpenVPN, allowing anyone with the preshared key to perform a man-in-the-middle (MITM) attack by impersonating the server. This is due to plasma-nm not instructing OpenVPN to perform server certificate verification.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.