OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
09 Sep 2022, 16:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
First Time |
Debian
Debian debian Linux |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html - Mailing List, Third Party Advisory |
03 May 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 14:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:* |
|
References | (MISC) https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/ - Mailing List, Patch, Release Notes, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/ - Mailing List, Patch, Release Notes, Third Party Advisory | |
References | (MISC) https://openvpn.net/community-downloads/ - Patch, Vendor Advisory | |
References | (MISC) https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 - Vendor Advisory | |
First Time |
Openvpn
Fedoraproject Fedoraproject fedora Openvpn openvpn |
26 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Mar 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Mar 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-18 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0547
Mitre link : CVE-2022-0547
CVE.ORG link : CVE-2022-0547
JSON object : View
Products Affected
debian
- debian_linux
openvpn
- openvpn
fedoraproject
- fedora