Description
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://openvpn.net/vpn-server-resources/release-notes/
Scores
CVSS v3
7.5
EPSS
0.0104
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-302
CWE-613
Status
published
Products (1)
openvpn/openvpn_access_server
< 2.8.4
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026