Changes between Version 1 and Version 2 of CVE-2022-0547


Ignore:
Timestamp:
03/15/22 19:53:58 (9 months ago)
Author:
David Sommerseth
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CVE-2022-0547

    v1 v2  
    33OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
    44
    5 This issue is resolved in OpenVPN 2.4.12 and v2.5.6.
     5This issue is resolved in OpenVPN 2.4.12 and v2.5.6 where the OpenVPN server process will stop running with the following error message in the logs:
     6
     7{{{
     8Exiting due to multiple authentication plug-ins performing deferred authentication.  Only one authentication plug-in doing deferred auth is allowed.  Ignoring the result and stopping now, the current authentication result is not to be trusted.
     9}}}