CVE-2020-8953
Published: 13 February 2020
OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is enrolled in two-factor authentication).
Notes
| Author | Note |
|---|---|
| msalvatore | only affects OpenVPN Access Server v2.8.0 |
| mdeslaur | OpenVPN Access server is the commercial application. |
Priority
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
openvpn Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Not vulnerable
(code not present)
|
|
| precise |
Not vulnerable
(code not present)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Not vulnerable
(code not present)
|
|
| xenial |
Not vulnerable
(code not present)
|