Description

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Remediation

References

CVE-2020-15074

Related Vulnerabilities

e107 Other Vulnerability (CVE-2005-3594)

WordPress Plugin Google XML Sitemap for Images Cross-Site Request Forgery (2.1.3)

WordPress Plugin Highlight Cross-Site Scripting (0.9.2)

WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6)

WordPress Plugin Sitewide Notice WP Cross-Site Scripting (2.2)

Severity

High

Classification

CVE-2020-15074 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities