PT-2022-21853 · Openvpn · Openvpn Access Server
Published
2022-07-06
·
Updated
2023-07-21
·
CVE-2022-33737
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenVPN Access Server versions 2.10.0 through 2.10.x and versions prior to 2.11.0, can be simplified to:
OpenVPN Access Server versions 2.10.0 through 2.11.0, but since 2.11.0 is not included, it is more accurate to say:
OpenVPN Access Server versions 2.10.0 through 2.10.x
However, given the context that the issue is present from version 2.10.0 up to but not including 2.11.0, the most concise and accurate representation is:
OpenVPN Access Server versions 2.10.0 through 2.10.x
Description
The OpenVPN Access Server installer creates a log file that is readable by everyone. This log file may contain a randomly generated admin password, posing a security risk.
Recommendations
For OpenVPN Access Server versions 2.10.0 through 2.10.x, consider restricting access to the log file generated by the installer to prevent unauthorized access to potentially sensitive information, such as the admin password, until a fixed version is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openvpn Access Server