PT-2006-3198 · Openvpn+1

Published: 2006-05-05 · Updated: 2020-05-12 · CVE-2006-2229

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

OpenVPN versions 2.0.7 and earlier

Description

When OpenVPN is configured to use the --management option with an IP that is not 127.0.0.1, the management interface uses a cleartext password for TCP sessions. This allows remote attackers to potentially view sensitive information or cause a denial of service.

Recommendations

For OpenVPN versions 2.0.7 and earlier, consider disabling the --management option or restricting its use to the localhost IP (127.0.0.1) to minimize the risk of exploitation.
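
One way to audit a configuration against this recommendation, as an added example that is not part of the original advisory or of OpenVPN itself. It assumes the directive form `management IP port [pw-file]`; the function name `find_exposed_management` is hypothetical and the sample configuration is constructed.

```python
import ipaddress
import shlex

# The only bind address the advisory treats as safe.
SAFE_ADDRESS = ipaddress.ip_address("127.0.0.1")

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONFIG = """\
# server.conf (constructed sample)
port 1194
proto udp
;management 10.0.0.5 7505
management 192.0.2.10 7505 /etc/openvpn/mgmt.pw   # routable address
management 127.0.0.1 7505
"""


def find_exposed_management(config_text):
    """Return (line_number, address, port) for every management directive
    bound to something other than 127.0.0.1."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        stripped = raw.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not stripped or stripped[0] in "#;":
            continue
        try:
            tokens = shlex.split(stripped, comments=True)  # drops trailing '# ...'
        except ValueError:
            continue  # unbalanced quotes: not a line this check can read
        # Accept both the config-file form and the '--management' CLI form.
        if len(tokens) < 3 or tokens[0].lstrip("-") != "management":
            continue
        address, port = tokens[1], tokens[2]
        try:
            is_safe = ipaddress.ip_address(address) == SAFE_ADDRESS
        except ValueError:
            is_safe = False  # hostname or other non-IP value: flag for review
        if not is_safe:
            findings.append((lineno, address, port))
    return findings


if __name__ == "__main__":
    for lineno, address, port in find_exposed_management(SAMPLE_CONFIG):
        print(f"line {lineno}: management bound to {address}:{port}, not 127.0.0.1")
```

Values that are not literally 127.0.0.1, including hostnames, are reported so they can be checked by hand.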

Fix


Related Identifiers

CVE-2006-2229

Affected Products

Debian
Openvpn