First published: Fri Jun 04 2021(Updated: )
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Credit: security@openvpn.net
Affected Software | Affected Version | How to fix |
---|---|---|
Openvpn Openvpn Access Server | <=2.8.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15077 is a vulnerability in OpenVPN Access Server 2.8.7 and earlier versions that allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication.
CVE-2020-15077 has a severity rating of medium with a CVSS score of 5.3.
Remote attackers can exploit CVE-2020-15077 by bypassing authentication and accessing control channel data on servers with deferred authentication.
OpenVPN Access Server versions up to and including 2.8.7 are affected by CVE-2020-15077.
Yes, fixes for CVE-2020-15077 are available. Please refer to the official OpenVPN Security Advisory for the necessary updates.