Description

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Remediation

References

CVE-2020-15074

Related Vulnerabilities

WordPress 6.2.x Multiple Vulnerabilities (6.2 - 6.2.3)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2507)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.17)

MySQL CVE-2016-8283 Vulnerability (CVE-2016-8283)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Open Redirect (1.85)

Severity

High

Classification

CVE-2020-15074 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities