Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
CVSS Information
N/A
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
OpenVPN 信任管理问题漏洞
Vulnerability Description
OpenVPN是美国OpenVPN公司的一个用于创建虚拟专用网络(VPN)加密通道的软件包,它使用OpenSSL库来加密数据与控制信息,并允许创建的VPN使用公开密钥、电子证书或者用户名/密码来进行身份验证。 OpenVPN 中存在信任管理问题漏洞,该漏洞源于当用户配置为verify-x509-name选项时,客户端未验证服务端证书的有效性,攻击者可通过修改主机名绕过证书认证模拟服务端与客户端进行交互。以下产品及版本受到影响:OpenVPN 3.6 版本、 OpenVPN 3.6.1 版本。
CVSS Information
N/A
Vulnerability Type
N/A