PT-2020-20391 · Openvpn · Openvpn Access Server

Published

2020-02-13

·

Updated

2020-05-12

·

CVE-2020-8953

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenVPN Access Server versions 2.8.0 through 2.8.0
Description The issue allows LDAP authentication bypass, except when a user is enrolled in two-factor authentication.
Recommendations For OpenVPN Access Server versions 2.8.0 through 2.8.0, update to version 2.8.1 to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-8953

Affected Products

Openvpn Access Server