CVE-2022-3761

Summary

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

Affected Software

VendorProductVersion RangeStatus
OpenVPN IncOpenVPN Connectuntil 3.4.0.4506 < 3.4.0.4506affected
OpenVPN IncOpenVPN Connectuntil 3.4.0.3100 < 3.4.0.3100affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References