CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
87.4%
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
Vendor | Product | Version | CPE |
---|---|---|---|
openvpn | openvpn | 2.0 | cpe:2.3:a:openvpn:openvpn:2.0:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc1 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc2 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc3 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc4 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc5 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc6 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.1_rc7 | cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.2_rc1 | cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:* |
openvpn | openvpn | 2.0.3_rc1 | cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:* |