Description

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Remediation

References

CVE-2020-15074

Related Vulnerabilities

WordPress Plugin Backup Migration Cross-Site Request Forgery (1.2.9)

WordPress Plugin Amazon Tools Cross-Site Scripting (1.7.2)

MySQL CVE-2018-3067 Vulnerability (CVE-2018-3067)

WordPress Plugin Flickrpress PHP Object Injection (1.0.2)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-44528)

Severity

High

Classification

CVE-2020-15074 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities