Openvpn

Openvpn Access Server

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.05%
  • Veröffentlicht 14.07.2020 18:15:14
  • Zuletzt bearbeitet 21.11.2024 05:04:45

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

  • EPSS 1.25%
  • Veröffentlicht 04.05.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:57:57

An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8.x before 2.8.3. With the full featured RPC2 interface enabled, it is possible to achieve a temporary DoS state of the management interface when sending an XML Entity Expansion (XEE...

  • EPSS 1.34%
  • Veröffentlicht 13.02.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:39:44

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

Exploit
  • EPSS 4.62%
  • Veröffentlicht 26.05.2017 01:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" charact...

  • EPSS 3.48%
  • Veröffentlicht 03.12.2014 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Exploit
  • EPSS 0.88%
  • Veröffentlicht 26.11.2014 15:59:19
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting e...

  • EPSS 0.97%
  • Veröffentlicht 13.05.2014 14:55:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

Exploit
  • EPSS 2.81%
  • Veröffentlicht 18.11.2013 02:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and ...

  • EPSS 1.35%
  • Veröffentlicht 05.05.2006 19:02:00
  • Zuletzt bearbeitet 16.06.2026 22:24:36

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or ca...

  • EPSS 3.02%
  • Veröffentlicht 06.04.2006 22:04:00
  • Zuletzt bearbeitet 16.06.2026 22:23:20

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.