CVE-2006-2229
published 2006-05-05CVE-2006-2229: OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the…
PriorityP416medium4CVSS 2.0
AVNACHAuNCPINAP
EPSS
1.35%
67.9th percentile
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
Affected
85 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
| openvpn | openvpn | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:H/Au:N/C:P/I:N/A:P
osv4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6wh-cc86-fx6h: OpenVPN 2
ghsa_unreviewed·2022-05-01
CVE-2006-2229 [MEDIUM] GHSA-q6wh-cc86-fx6h: OpenVPN 2
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
OSV
CVE-2006-2229: OpenVPN 2
osv·2006-05-05·CVSS 4.0
CVE-2006-2229 [MEDIUM] CVE-2006-2229: OpenVPN 2
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://openvpn.net/man.htmlhttp://www.osvdb.org/25660http://www.securityfocus.com/archive/1/432863/100/0/threadedhttp://www.securityfocus.com/archive/1/432867/100/0/threadedhttp://www.securityfocus.com/archive/1/433000/100/0/threadedhttp://openvpn.net/man.htmlhttp://www.osvdb.org/25660http://www.securityfocus.com/archive/1/432863/100/0/threadedhttp://www.securityfocus.com/archive/1/432867/100/0/threadedhttp://www.securityfocus.com/archive/1/433000/100/0/threaded
2006-05-05
Published