Описание
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-15078
- https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
- https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6
- https://security.gentoo.org/glsa/202105-25
- https://usn.ubuntu.com/usn/usn-4933-1
Связанные уязвимости
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...
Уязвимость функции отложенной аутентификации deferred_auth программного обеспечения OpenVPN, позволяющая нарушителю вынудить сервер вернуть сообщение PUSH_REPLY c данными о настройках VPN до отправки сообщения AUTH_FAILED
