CVE-2020-15074
N/A
N/A
Summary
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | OpenVPN Access Server | 2.8.3 and prior versions in addition to 2.9.5 | affected |
Weaknesses
- CWE-302: CWE-302: Authentication Bypass by Assumed-Immutable Data
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.