Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
OpenVPN AS Insufficient Session Expiration Vulnerability - CVE-2020-15074 - Vulnerability Database
OpenVPN AS

OpenVPN AS Insufficient Session Expiration Vulnerability - CVE-2020-15074

High
Reference: CVE-2020-15074
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-15074
Title: OpenVPN AS Insufficient Session Expiration Vulnerability
Overview:

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.