CVE-2005-2531

Name of the Vulnerable Software and Affected Versions OpenVPN versions prior to 2.0.1

Description The issue allows remote attackers to cause a denial of service, specifically client disconnection, via a large number of failed authentication attempts. This can happen when OpenVPN is running with "verb 0" and without TLS authentication, causing the error to be processed by the wrong client. The vulnerability can be exploited remotely and may lead to disruption of protected information.

Recommendations For OpenVPN versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider enabling TLS authentication to minimize the risk of exploitation.