VYPR
Unrated severityNVD Advisory· Published Jul 12, 2021· Updated Aug 3, 2024

CVE-2021-3547

CVE-2021-3547

Description

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

Affected products

2
  • OpenVPN/OpenVPN 3 Core Librarydescription
  • OpenVPN/OpenVPNllm-fuzzy
    Range: 3.6, 3.6.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.