OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • CVE-2020-15078
« previous next »
  • Print
Pages: [1]

Author Topic: CVE-2020-15078  (Read 2263 times)

giffordj

  • Newbie
  • *
  • Posts: 10
  • Karma: 0
    • View Profile
CVE-2020-15078
« on: April 28, 2021, 10:05:53 pm »
I was running a security audit and came across this, will this be addressed?

CVE-2020-15078
Overview
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

Detailed description
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.
Logged

gfeiner

  • Newbie
  • *
  • Posts: 10
  • Karma: 0
    • View Profile
Re: CVE-2020-15078
« Reply #1 on: April 28, 2021, 10:29:18 pm »
https://forum.opnsense.org/index.php?topic=22765.0
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17660
  • Karma: 1611
    • View Profile
Re: CVE-2020-15078
« Reply #2 on: April 29, 2021, 09:07:52 pm »
See https://github.com/opnsense/core/issues/4961


Cheers,
Franco
Logged

giffordj

  • Newbie
  • *
  • Posts: 10
  • Karma: 0
    • View Profile
Re: CVE-2020-15078
« Reply #3 on: April 29, 2021, 10:44:20 pm »
Thanks for the update.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.1 Legacy Series »
  • CVE-2020-15078
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2