18 Mar
2022
18 Mar
'22
8:41 p.m.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A potential authentication bypass vulnerability has been reported in OpenVPN. This vulnerability was assigned CVE-2022-0547. All versions of OpenVPN-NL 2.4.x are affected as well.
When using multiple deferred authentication plugins in an OpenVPN server, it can happen that a user is admitted even if one of the plugins rejects them.
This bug can be avoided by running at most one deferred authentication plugin. There is no issue using multiple non-deferred authentication plugins.
Link to the announcement at openvpn.net: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
Best regards, Max Fillinger
-----BEGIN PGP SIGNATURE-----
iQHXBAEBCABBFiEEXj3Vjj5AbsDlPfHO5IsYow7qaagFAmI07WgjHG1heGltaWxp
YW4uZmlsbGluZ2VyQGZveGNyeXB0by5jb20ACgkQ5IsYow7qaaj8TQv/SwbhiidG
rriwOpZASgu8jrj9dD7pdslBx9y4iUyqvYhn68mi3J/+9U3TKAvJc/QG/VSpUjzH
Q32YRFh8myY7bUrUMsr3w9clJVr94P+yq9VemfXSyMa0cnem+ifLDE0CSOt8Pj6X
nBhYHy/72P4ZEx1+ycrJvGruNgGGcSo40u00KMoclrDdfaOemofWjjGTF6UcNGh7
a9XysNhc8ylRODjH0t+Q4oM8BkjKgoX89B/2+f33R0Zv6c7LLGf4ghYGfxQ4LfNy
DPpeONTArOe9Dh1GZcGMCo0gbAiLMMbI7YOVETKiK9uTQCMi2JdoIerBU9kbx/7q
wi0n+iWKT1ptHlzl8t3UVjJTif4nzRdeaRzpiRwDfY0mF/+Ig2luhzcizLlMaZj8
piD8HvtdPFLOUN7+Ff+Xw27GN021Rg7Uy2NC95dpDFKvSUTWKd8e5x+qH/KXzII/
LGL4WHczDjmjaxUduDb6CR5Z2cQgNdFqG8cm1KWSuFdiMGq0zLzREyVp
=wAlk
-----END PGP SIGNATURE-----
1024
Age (days ago)
1024
Last active (days ago)
list-openvpn-nl@lists.fox-it.com
0 comments
1 participants
participants (1)
-
Max Fillinger