3 matches found
CVE-2026-41070
OpenVPN OAuth2 plugin flaw exists in the experimental plugin mode: from v1.26.3 to before v1.27.3, clients that do not support WebAuth/SSO (e.g., Linux openvpn CLI) could be admitted even when authentication logic denied access. Root cause: in handleAuthUserPassVerify, ClientAuthDeny wrote "0" to...
Linux Distros Unpatched Vulnerability : CVE-2022-0547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred...
GLSA-202105-25 : OpenVPN: Authentication bypass
The remote host is affected by the vulnerability described in GLSA-202105-25 OpenVPN: Authentication bypass It was discovered that OpenVPN incorrectly handled deferred authentication. Impact : A remote attacker could bypass authentication and access control channel data and trigger further...