Vulnerabilities > CVE-2020-15074 - Insufficient Session Expiration vulnerability in Openvpn Access Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
openvpn
CWE-613
NVD
Published: 2020-07-14
Updated: 2021-11-23

Summary

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.

Vulnerable Configurations

Part Description Count
Application
Openvpn
44

Common Weakness Enumeration (CWE)

References