A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process.
Package | net-vpn/openvpn on all architectures |
---|---|
Affected versions | < 2.5.2 |
Unaffected versions | >= 2.5.2 |
OpenVPN is a multi-platform, full-featured SSL VPN solution.
It was discovered that OpenVPN incorrectly handled deferred authentication.
A remote attacker could bypass authentication and access control channel data and trigger further information leaks.
Configure OpenVPN server to not use deferred authentication.
All OpenVPN users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.5.2"
Release date
May 26, 2021
Latest revision
May 26, 2021: 1
Severity
normal
Exploitable
remote
Bugzilla entries