CVE-2020-15074
First published: Tue Jul 14 2020(Updated: )
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
Credit: security@openvpn.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvpn Openvpn Access Server | <2.8.4 | |
| Openvpn Openvpn Access Server | >=2.9.0<2.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-15074?
CVE-2020-15074 is a vulnerability in OpenVPN Access Server older than version 2.8.4 and version 2.9.5 that allows circumvention of token expiry timestamp.
How does CVE-2020-15074 affect OpenVPN Access Server?
CVE-2020-15074 affects OpenVPN Access Server older than version 2.8.4 and version 2.9.5, where it generates new user authentication tokens instead of reusing existing ones on reconnect.
What is the severity of CVE-2020-15074?
The severity of CVE-2020-15074 is high (7.5).
How can I fix CVE-2020-15074?
To fix CVE-2020-15074, you need to upgrade your OpenVPN Access Server to version 2.8.4 or higher, or version 2.9.6 or higher.
Where can I find more information about CVE-2020-15074?
You can find more information about CVE-2020-15074 in the release notes of OpenVPN Access Server: https://openvpn.net/vpn-server-resources/release-notes/
- collector/nvd-index
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openvpn
- canonical/openvpn openvpn access server
- version/openvpn openvpn access server/2.9.0