CVE-2020-8953Improper Authentication in Access Server

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openvpn Access Server
Timeline
PublishedFeb 13
Latest updateMay 24

Description

OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDopenvpn/openvpn_access_server2.8.02.8.1

🔴Vulnerability Details

1
GHSA
GHSA-2x46-5pjx-vpjx: OpenVPN Access Server 22022-05-24

💬Community

1
Bugzilla
CVE-2020-8953 openvpn: LDAP authentication bypass2020-02-19
CVE-2020-8953 — Improper Authentication | cvebase