Unrated severityNVD Advisory· Published Oct 14, 2010· Updated Apr 29, 2026

CVE-2010-3902

Description

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

Affected products

Infradead/Openconnect6 versions
cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:infradead:openconnect:*:*:*:*:*:*:*:*range: <=2.25
- cpe:2.3:a:infradead:openconnect:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:infradead:openconnect:2.22:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2010-November/051620.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2010-November/051637.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2010-November/051640.htmlnvd
secunia.com/advisories/42381nvd
www.infradead.org/openconnect.htmlnvd
www.securityfocus.com/bid/44111nvd
www.vupen.com/english/advisories/2010/3078nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000