Openvpn: >> Connect >> 1.1.24 Security Vulnerabilities
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-06
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVSS Score
7.8
EPSS Score
0.02
Published
2020-02-28