CVE-2022-33738

Name of the Vulnerable Software and Affected Versions OpenVPN Access Server versions prior to 2.11

Description The issue concerns a weak random generator used to create user session tokens for the web portal. This weakness can potentially be exploited, although specific details about real-world incidents or the estimated number of affected devices are not provided.

Recommendations For versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the web portal until the update can be applied.