Description

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Remediation

References

CVE-2020-15074

Related Vulnerabilities

WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)

Oracle JRE CVE-2013-0444 Vulnerability (CVE-2013-0444)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37390)

Squid NULL Pointer Dereference Vulnerability (CVE-2023-46728)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39111)

Severity

High

Classification

CVE-2020-15074 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities