Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnecting established VPN sessions, (2) connect to arbitrary VPN servers, or (3) create VPN profiles and

Dec 05, 2019 The VORACLE attack vulnerability | OpenVPN For now, it is advised that users of the OpenVPN Access Server and the OpenVPN Connect Client software disable the use of compression. This effectively makes exploiting this vulnerability impossible. This can very easily be done on the OpenVPN Access Server by going to the admin web interface, and going to Advanced VPN. OpenVPN vulnerable to Shellshock Bash vulnerability Sep 30, 2014

OpenVPN 2.4 Evaluation Summary and Report

Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Jun 22, 2017 Kaspersky Threats — KLA10281

OpenVPN vulnerable to Shellshock Bash vulnerability

Green and his team looked for both memory-related vulnerabilities (e.g. buffer overflows and use-after-free) and cryptographic weaknesses. A security review of OpenVPN was also conducted by Quarkslab over a 50-day period between February and April, with funding from the Open Source Technology Improvement Fund (OSTIF). OpenVPN servers can be vulnerable to Shellshock Bash Oct 01, 2014 OpenVPN Software Has Security Flaws: Patch It Now | Tom's Jun 22, 2017 OpenVPN 2.4 Evaluation Summary and Report May 11, 2017