FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openvpn -- deferred authentication can be bypassed in specific circumstances

Affected packages
openvpn < 2.5.2
openvpn-mbedtls < 2.5.2

Details

VuXML ID efb965be-a2c0-11eb-8956-1951a8617e30
Discovery 2021-03-02
Entry 2021-04-21

Gert Döring reports:

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

References

CVE Name CVE-2020-15078
URL https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
URL https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252