Changes between Version 2 and Version 3 of CVE-2022-0547


Ignore:
Timestamp:
03/15/22 20:18:55 (9 months ago)
Author:
Gert Döring
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CVE-2022-0547

    v2 v3  
    11= CVE-2022-0547: Potential authentication by-pass with multiple deferred authentication plug-ins
    22
    3 OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
     3OpenVPN 2.1 up to v2.4.11 and v2.5.5 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
    44
    55This issue is resolved in OpenVPN 2.4.12 and v2.5.6 where the OpenVPN server process will stop running with the following error message in the logs: