OpenVPN Access Server 2.10 and prior versions resend multiple packets in response to a reset packet sent from a client when the client does not respond to those packets, resulting in a limited amplification attack.
The OpenVPN Access Server installer creates a log file that is readable by everyone; from version 2.10.0 and before 2.11.0, this file may contain a randomly generated admin password.