Vulnerability CVE-2022-0547: Information
Description
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openvpn | sisyphus | 2.5.6-alt1 | 2.6.10-alt1 | ALT-PU-2022-1915-1 | 300360 | Fixed |
openvpn | sisyphus_e2k | 2.5.6-alt1 | 2.6.10-alt1 | ALT-PU-2022-5040-1 | - | Fixed |
openvpn | sisyphus_riscv64 | 2.5.6-alt1 | 2.6.10-alt1 | ALT-PU-2022-5035-1 | - | Fixed |
openvpn | p10 | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-1936-1 | 300403 | Fixed |
openvpn | p10_e2k | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-5085-1 | - | Fixed |
openvpn | p9 | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-2690-1 | 305924 | Fixed |
openvpn | p9_e2k | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-6432-1 | - | Fixed |
openvpn | c10f1 | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-1936-1 | 300403 | Fixed |
openvpn | c9f2 | 2.4.9-alt1.c9f2.2 | 2.4.9-alt1.c9f2.2 | ALT-PU-2022-2268-1 | 299848 | Fixed |
openvpn | p11 | 2.5.6-alt1 | 2.6.10-alt1 | ALT-PU-2022-1915-1 | 300360 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://openvpn.net/community-downloads/ | |
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements | |
https://community.openvpn.net/openvpn/wiki/CVE-2022-0547 | |
[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update | |
FEDORA-2022-7d46acce7c | |
FEDORA-2022-cb4c1146dc | |