Description
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
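The non-constant-time HMAC comparison named above, shown as an added example that is not OpenVPN's code: an early-exit comparison examines a number of bytes that depends on where the first mismatch falls, while a constant-time comparison always examines all of them. The function names, the 20-byte tag length and the tag values are assumptions constructed for the demonstration, and the step counter stands in for run time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 20 /* constructed tag size for this demo */

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Early-exit (memcmp-style) comparison: returns at the first mismatch,
 * so the work done depends on how many leading bytes are correct. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: touches every byte and folds the differences
 * together, with no branch that depends on the tag contents. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    unsigned int diff = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned int)(a[i] ^ b[i]);
    }
    return (int)(1u & ((diff - 1u) >> 8)); /* 1 only when diff == 0 */
}

/* Compare a constructed tag with a copy whose byte at index `bad` is flipped
 * (bad >= TAG_LEN leaves the copy identical); return the bytes examined. */
size_t steps_for(cmp_fn cmp, size_t bad, int *equal)
{
    uint8_t expected[TAG_LEN], received[TAG_LEN];
    size_t steps = 0;
    for (size_t i = 0; i < TAG_LEN; i++)
        expected[i] = (uint8_t)(0xA0 + i);
    memcpy(received, expected, TAG_LEN);
    if (bad < TAG_LEN)
        received[bad] ^= 0xFF;
    *equal = cmp(expected, received, TAG_LEN, &steps);
    return steps;
}

int main(void)
{
    size_t pos[] = {0, 7, 19, TAG_LEN};
    for (size_t k = 0; k < 4; k++) {
        int el, ec;
        size_t sl = steps_for(leaky_equal, pos[k], &el);
        size_t sc = steps_for(ct_equal, pos[k], &ec);
        printf("bad@%2zu leaky eq=%d steps=%2zu | ct eq=%d steps=%2zu\n",
               pos[k], el, sl, ec, sc);
    }
    return 0;
}
```

In production code, use the crypto library's vetted constant-time comparison (for example OpenSSL's `CRYPTO_memcmp`) rather than a hand-written loop, since compilers can reintroduce data-dependent branches.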
Remediation
References