Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-0547

CVE-2022-0547

March 18, 2022

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Related Resources (12)

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements

https://security-tracker.debian.org/tracker/CVE-2022-0547

https://community.openvpn.net/openvpn/wiki/CVE-2022-0547

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/

https://security.alpinelinux.org/vuln/CVE-2022-0547

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJ35WKPME4HYNQCQNAJHLCZOJL2SAE/

https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html

https://openvpn.net/community-downloads/

https://people.canonical.com/~ubuntu-security/cve/CVE-2022-0547

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R36OYC5SJ6FLPVAYJYYT4MOJ2I7MGYFF/