CVE-2020-8953
First published: Thu Feb 13 2020(Updated: )
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvpn Openvpn Access Server | >=2.8.0<2.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8953?
The severity of CVE-2020-8953 is critical.
What is the affected software for CVE-2020-8953?
The affected software for CVE-2020-8953 is OpenVPN Access Server version 2.8.x before 2.8.1.
Is LDAP authentication bypass possible in OpenVPN Access Server 2.8.x?
Yes, LDAP authentication bypass is possible in OpenVPN Access Server 2.8.x before 2.8.1 (except when a user is enrolled in two-factor authentication).
How can I fix CVE-2020-8953?
To fix CVE-2020-8953, upgrade your OpenVPN Access Server to version 2.8.1 or later.
Where can I find more information about CVE-2020-8953?
For more information about CVE-2020-8953, you can refer to the security advisory at https://openvpn.net/security-advisories/
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/openvpn
- canonical/openvpn openvpn access server
- version/openvpn openvpn access server/2.8.0