openvpn -- deferred authentication can be bypassed in specific circumstances
Gert Döring reports: OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...
OpenVPN Security Vulnerabilities
Openvpn OpenVPN is a software package from the US company Openvpn for creating virtual private network VPN encrypted tunnels that use the OpenSSL library to encrypt data and control information and allow the created VPN to be authenticated using a public key, an electronic certificate, or a...
PT-2021-6006 · Perfact · Openvpn-Client
Name of the Vulnerable Software and Affected Versions: PerFact OpenVPN-Client versions 1.4.1.0 and prior Description: The issue allows an attacker to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instan...
PerFact OpenVPN-Client
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PerFact Equipment: OpenVPN-Client Vulnerability: External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for local privilege...
Command Execution Vulnerability in OpenVPN
OpenVPN is a software package for creating encrypted channels for virtual private networks. OpenVPN has a command execution vulnerability that can be exploited by an attacker to elevate privileges...
Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications
A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players. It has the portability of Docker with the addition of X, so you can also run GUI applications like burp...
Internet Bug Bounty: Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks)
Summary: Build jobs mingw64 | openssl-1.1.1d and mingw32 | openssl-1.0.2u download dependencies from build.openvpn.net and www.oberhumer.com over an insecure channel (http, not https) and do not check their integrity in any way. This opens the door to person-in-the-middle attacks, whereby an attacke...
Security fix for the ALT Linux 9 package openvpn version 2.4.9-alt1
2.4.9-alt1 built Nov. 19, 2020 Nikolay A. Fetisov in task 261903 Nov. 16, 2020 Nikolay A. Fetisov - New version - Security fixes: + CVE-2020-11810: race condition allows one client kills other client session via false client floating Closes: 39122...
Synology Router Manager Trust Management Issue Vulnerability
Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. A security vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which stems from an improper certificate validation vulnerability in the OpenVP...
Synology DiskStation Manager Trust Management Issue Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager DSM versions...
CVE-2020-27648
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Input validation
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Input validation
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2020-27648
CVE-2020-27648 affects Synology DiskStation Manager (DSM) via the OpenVPN client before 6.2.3-25426-2. The issue is improper certificate validation in the OpenVPN client, enabling MITM attackers to spoof servers and obtain sensitive information with a crafted certificate. Public disclosures in th...
CVE-2020-27649
CVE-2020-27649 is an improper certificate validation vulnerability in the OpenVPN client used by Synology SRM. The issue enables MITM attackers to spoof the VPN server and access sensitive data via a crafted certificate on SRM versions prior to 1.2.4-8081. Talos describes an in-depth attack chain...