CVE-2020-15074

Summary

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Affected Software

VendorProductVersion RangeStatus
n/aOpenVPN Access Server2.8.3 and prior versions in addition to 2.9.5affected

Weaknesses

  • CWE-302: CWE-302: Authentication Bypass by Assumed-Immutable Data

ADP Enrichment

CVE Program Container

Additional References

References