SuSE 11.3 Security Update : openvpn (SAT Patch Number 8493)

OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpndecrypt that might have allowed remote attackers to gain knowledge of plaintext data. CVE-2013-2061 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

SuSE 11.2 Security Update : openvpn (SAT Patch Number 8496)

OpenVPN used a non-constant-time memcmp in HMAC comparison in openvpndecrypt that might have allowed remote attackers to gain knowledge of plaintext data. CVE-2013-2061 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

GLSA-201311-13 : OpenVPN: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201311-13 OpenVPN: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to recover plaintext from...

OpenVPN: Multiple vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description Multiple vulnerabilities have been discovered in OpenVPN. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to recover plaintext from an encrypted communication...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

DEBIAN-CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

Code injection

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

KLA10281 OSI vulnerability in OpenVPN

An unspecified vulnerability was found in OpenVPN. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a timing attack. Original advisories - Related products OpenVPN CVE list CVE-2013-2061 warning Solution Update to...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

OpenVPN 2.3.0 and earlier is affected in UDP mode due to two issues in crypto.c: (1) openvpn_decrypt uses an HMAC comparison that does not run in constant time, enabling timing-based information disclosure, and (2) a padding oracle risk in the CBC mode cipher. Exploitation could allow an unauthen...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

Amazon Linux AMI : openvpn (ALAS-2013-201)

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...

Low: openvpn

Issue Overview: The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the C...

OpenVPN cryptography weakness

It's possible to inject and decript ciphertext in UDP mode...

[ MDVSA-2013:167 ] openvpn

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:167 http://www.mandriva.com/en/support/security/ Package : openvpn Date : May 27, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated openvpn package fixes security...

Default Password (openvpnas) for 'root' Account

The account 'root' on the remote host has the password 'openvpnas'. An attacker may leverage this issue to gain administrative access to the affected system. Note that OpenVPN Access Server virtual appliances are known to use these credentials to provide complete, administrative access to the...

Mandriva Linux Security Advisory : openvpn (MDVSA-2013:167)

Updated openvpn package fixes security vulnerability : OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementati...

Fedora Update for openvpn FEDORA-2013-7531

Check for the Version of openvpn OpenVAS Vulnerability Test Fedora Update for openvpn FEDORA-2013-7531 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...