CVE-2005-2531
Last modified
CVE-2005-2531 is a vulnerability of currently unknown severity. OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.. EPSS estimates a 1.97% chance of exploitation in the next 30 days.
Description
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openvpn | Openvpn | 2.0 |
| Openvpn | Openvpn | 2.0.1_rc1 |
| Openvpn | Openvpn | 2.0.1_rc2 |
| Openvpn | Openvpn | 2.0.1_rc3 |
| Openvpn | Openvpn | 2.0.1_rc4 |
| Openvpn | Openvpn | 2.0.1_rc5 |
| Openvpn | Openvpn | 2.0.1_rc6 |
| Openvpn | Openvpn | 2.0.1_rc7 |
| Openvpn | Openvpn | 2.0_beta1 |
| Openvpn | Openvpn | 2.0_beta2 |
| Openvpn | Openvpn | 2.0_beta3 |
| Openvpn | Openvpn | 2.0_beta4 |
| Openvpn | Openvpn | 2.0_beta5 |
| Openvpn | Openvpn | 2.0_beta6 |
| Openvpn | Openvpn | 2.0_beta7 |
| Openvpn | Openvpn | 2.0_beta8 |
| Openvpn | Openvpn | 2.0_beta9 |
| Openvpn | Openvpn | 2.0_beta10 |
| Openvpn | Openvpn | 2.0_beta11 |
| Openvpn | Openvpn | 2.0_beta12 |
| Openvpn | Openvpn | 2.0_beta13 |
| Openvpn | Openvpn | 2.0_beta15 |
| Openvpn | Openvpn | 2.0_beta16 |
| Openvpn | Openvpn | 2.0_beta17 |
| Openvpn | Openvpn | 2.0_beta18 |
| Openvpn | Openvpn | 2.0_beta19 |
| Openvpn | Openvpn | 2.0_beta20 |
| Openvpn | Openvpn | 2.0_beta28 |
| Openvpn | Openvpn | 2.0_rc1 |
| Openvpn | Openvpn | 2.0_rc2 |
| Openvpn | Openvpn | 2.0_rc3 |
| Openvpn | Openvpn | 2.0_rc4 |
| Openvpn | Openvpn | 2.0_rc5 |
| Openvpn | Openvpn | 2.0_rc6 |
| Openvpn | Openvpn | 2.0_rc7 |
| Openvpn | Openvpn | 2.0_rc8 |
| Openvpn | Openvpn | 2.0_rc9 |
| Openvpn | Openvpn | 2.0_rc10 |
| Openvpn | Openvpn | 2.0_rc11 |
| Openvpn | Openvpn | 2.0_rc12 |
| Openvpn | Openvpn | 2.0_rc13 |
| Openvpn | Openvpn | 2.0_rc14 |
| Openvpn | Openvpn | 2.0_rc15 |
| Openvpn | Openvpn | 2.0_rc16 |
| Openvpn | Openvpn | 2.0_rc17 |
| Openvpn | Openvpn | 2.0_rc18 |
| Openvpn | Openvpn | 2.0_rc19 |
| Openvpn | Openvpn | 2.0_rc20 |
| Openvpn | Openvpn | 2.0_rc21 |
| Openvpn | Openvpn | 2.0_test1 |
Showing 50 of 74 affected configurations. See NVD for the full list.
References
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:145Patch, Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:145Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-2531?
How severe is CVE-2005-2531?
How do I fix CVE-2005-2531?
Are you affected by CVE-2005-2531?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST