CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

Default credentials

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

Design/Logic Flaw

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...

CVE-2022-33738

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal...

CVE-2022-33738

The CVE-2022-33738 entry concerns OpenVPN Access Server prior to version 2.11, where a weak random generator is used to create user session tokens for the web portal. This weak RNG could potentially compromise session tokens, impacting authentication for the portal. The connected sources corrobor...

CVE-2022-33737

Summary: CVE-2022-33737 affects OpenVPN Access Server installers. The issue arises because the installer creates a log file that is readable by everyone, and in OpenVPN Access Server versions 2.10.0 through 2.10.x (up to but not including 2.11.0) this log may contain a randomly generated administ...

CVE-2022-33737

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password...

OpenVPN 安全特征问题漏洞

OpenVPN is a software package for creating encrypted tunnels for virtual private networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows created VPNs to be authenticated using a public key, e-certificate, or username/password. A...

PT-2022-21853 · Openvpn · Openvpn Access Server

Name of the Vulnerable Software and Affected Versions: OpenVPN Access Server versions 2.10.0 through 2.10.x and versions prior to 2.11.0, can be simplified to: OpenVPN Access Server versions 2.10.0 through 2.11.0, but since 2.11.0 is not included, it is more accurate to say: OpenVPN Access Server...

OpenVPN 日志信息泄露漏洞

OpenVPN is a software package from US-based OpenVPN Inc. for creating encrypted tunnels for virtual private networks VPNs, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

OpenVPN 安全漏洞

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists due to a flaw in netfilter that could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

SUSE: Security Advisory (SUSE-SU-2022:1934-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for openvpn (SUSE-SU-2022:1934-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : openvpn (SUSE-SU-2022:1934-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1934-1 advisory. - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more...