PT-2020-14166 · Openvpn · Openvpn Access Server

Published

2020-07-14

Updated

2021-11-23

CVE-2020-15074

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions OpenVPN Access Server versions prior to 2.8.4 OpenVPN Access Server versions prior to 2.9.5

Description The issue allows an attacker to circumvent the initial token expiry timestamp by generating new user authentication tokens instead of reusing existing ones on reconnect.

Recommendations For versions prior to 2.8.4, update to version 2.8.4 or later. For versions prior to 2.9.5, update to version 2.9.5 or later.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-302CWE-613

Related Identifiers

CVE-2020-15074

Affected Products

Openvpn Access Server

PT-2020-14166 · Openvpn · Openvpn Access Server

CVE-2020-15074

Weakness Enumeration

Related Identifiers

Affected Products

References · 3