PT-2020-16746 · Openvpn +1 · Openvpn +1

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue is related to improper certificate validation in the OpenVPN client, allowing man-in-the-middle attackers to spoof servers and obtain sensitive informatio...

Synology QuickConnect servers network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...

Sweet32 Attack

OpenVPN is vulnerable to Sweet32 Attack. When using a 64-bit block cipher, it is easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack...

Denial Of Service (DoS)

OpenVPN is vulnerable to denial of service DoS. It has a reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

Cross site scripting

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

CVE-2020-13260

The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...

SUSE SLES12 Security Update : openvpn (SUSE-SU-2020:2359-1)

This update for openvpn fixes the following issues : openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch was malformed in a way that caused patch1 to ignore it. bsc959714 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...

SUSE-SU-2020:2359-1 Security update for openvpn

This update for openvpn fixes the following issues: - openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch was malformed in a way that caused patch1 to ignore it. bsc959714...

SUSE-SU-2020:14468-1 Security update for openvpn-openssl1

This update for openvpn-openssl1 fixes the following issues: - Fixed Out of bounds read on getaddrinfo result bsc959714...

The vulnerability of the astra-openvpn-server administration system, related to data processing errors, allows a hacker to trigger a service failure.

The vulnerability of the astra-openvpn-server administration system is related to a data processing error. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures by modifying the default file save path...

Amazon Linux AMI : openvpn (ALAS-2020-1410)

The version of openvpn installed on the remote host is prior to 2.4.9-1.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1410 advisory. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-...

Medium: openvpn

Issue Overview: This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.CVE-2020-11810 Affected...

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...