First published: Wed Jul 06 2022(Updated: )
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal
Credit: security@openvpn.net
Affected Software | Affected Version | How to fix |
---|---|---|
Openvpn Openvpn Access Server | <2.11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this OpenVPN Access Server vulnerability is CVE-2022-33738.
The severity of CVE-2022-33738 is high, with a CVSS score of 7.5.
The affected software for CVE-2022-33738 is OpenVPN Access Server before version 2.11.
CVE-2022-33738 is a vulnerability in OpenVPN Access Server before 2.11 that uses a weak random generator for creating user session tokens in the web portal.
Yes, a fix is available for CVE-2022-33738. Users should update to OpenVPN Access Server version 2.11 or higher.