CVE-2020-15078 - log back

CVE-2020-15078 edited at 23 Apr 2021 08:27:02
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
+
+ This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
+
+ In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. If you are not using one of auth-gen-token, plugin, or management in your config, you are safe.
+
+ The issue is fixed in OpenVPN version 2.5.2.
References
+ https://community.openvpn.net/openvpn/wiki/CVE-2020-15078
+ https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b
+ https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a
+ https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573
Notes
CVE-2020-15078 created at 23 Apr 2021 08:21:07