GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu May 27, 2021 7:26 am Post subject: [ GLSA 202105-25 ] OpenVPN
Gentoo Linux Security Advisory
Title: OpenVPN: Authentication bypass (GLSA 202105-25)
Severity: normal
Exploitable: remote
Date: 2021-05-26
Bug(s): #785115
ID: 202105-25
Synopsis
A vulnerability has been found in OpenVPN, allowing attackers to
bypass the authentication process.
Background
OpenVPN is a multi-platform, full-featured SSL VPN solution.
Affected Packages
Package: net-vpn/openvpn
Vulnerable: < 2.5.2
Unaffected: >= 2.5.2
Architectures: All supported architectures
Description
It was discovered that OpenVPN incorrectly handled deferred
authentication.
Impact
A remote attacker could bypass authentication and access control channel
data and trigger further information leaks.
Workaround
Configure OpenVPN server to not use deferred authentication.
Resolution
All OpenVPN users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.5.2"
References
CVE-2020-15078
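A triage check for this advisory, added here as an example; it is not part of the GLSA or of OpenVPN's own code. The version bound is the advisory's. Treating `plugin` and `management-client-auth` as the directives that can enable deferred authentication is an assumption, and the sample config and plugin path are constructed.

```shell
#!/bin/sh
# Added example: triage helper for GLSA 202105-25 (not from the advisory).
FIXED="2.5.2"   # first unaffected net-vpn/openvpn version per the advisory

# Succeeds (exit 0) when version $1 sorts strictly before $FIXED.
# sort -V compares numerically, so 2.5.10 sorts after 2.5.2.
is_vulnerable_version() {
    [ "$1" != "$FIXED" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# Prints active (uncommented) directives in config $1 that may enable
# deferred authentication. Assumption: plugins and management-client-auth
# are the relevant mechanisms; a plugin line is a lead to review, not proof.
deferred_auth_directives() {
    grep -E '^[[:space:]]*(plugin|management-client-auth)([[:space:]]|$)' "$1"
}

# $1 = installed version, $2 = server config path.
triage() {
    if ! is_vulnerable_version "$1"; then
        echo "unaffected"
    elif deferred_auth_directives "$2" >/dev/null; then
        echo "vulnerable-deferred-auth"   # workaround not in place
    else
        echo "vulnerable-version"         # still upgrade, per Resolution
    fi
}

# Constructed sample config (plugin path is illustrative).
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto udp
;plugin /opt/old/auth.so
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
EOF
for v in 2.4.9 2.5.1-r1 2.5.2 2.5.10; do
    printf '%s -> %s\n' "$v" "$(triage "$v" "$sample")"
done
rm -f "$sample"
```
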