CVE-2006-2229

Name: CVE-2006-2229
Creator: NVD / NIST
Published: 2006-05-05T19:02:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.35%

Last modified Jun 16, 2026

CVE-2006-2229 is a vulnerability of currently unknown severity. OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.

Description

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

Metrics

EPSS Probability

1.35%

67.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Openvpn	Openvpn	2.0
Openvpn	Openvpn	2.0.1_rc1
Openvpn	Openvpn	2.0.1_rc2
Openvpn	Openvpn	2.0.1_rc3
Openvpn	Openvpn	2.0.1_rc4
Openvpn	Openvpn	2.0.1_rc5
Openvpn	Openvpn	2.0.1_rc6
Openvpn	Openvpn	2.0.1_rc7
Openvpn	Openvpn	2.0.2_rc1
Openvpn	Openvpn	2.0.3_rc1
Openvpn	Openvpn	2.0.4
Openvpn	Openvpn	2.0.6_rc1
Openvpn	Openvpn	2.0_beta1
Openvpn	Openvpn	2.0_beta2
Openvpn	Openvpn	2.0_beta3
Openvpn	Openvpn	2.0_beta4
Openvpn	Openvpn	2.0_beta5
Openvpn	Openvpn	2.0_beta6
Openvpn	Openvpn	2.0_beta7
Openvpn	Openvpn	2.0_beta8
Openvpn	Openvpn	2.0_beta9
Openvpn	Openvpn	2.0_beta10
Openvpn	Openvpn	2.0_beta11
Openvpn	Openvpn	2.0_beta12
Openvpn	Openvpn	2.0_beta13
Openvpn	Openvpn	2.0_beta15
Openvpn	Openvpn	2.0_beta16
Openvpn	Openvpn	2.0_beta17
Openvpn	Openvpn	2.0_beta18
Openvpn	Openvpn	2.0_beta19
Openvpn	Openvpn	2.0_beta20
Openvpn	Openvpn	2.0_beta28
Openvpn	Openvpn	2.0_rc1
Openvpn	Openvpn	2.0_rc2
Openvpn	Openvpn	2.0_rc3
Openvpn	Openvpn	2.0_rc4
Openvpn	Openvpn	2.0_rc5
Openvpn	Openvpn	2.0_rc6
Openvpn	Openvpn	2.0_rc7
Openvpn	Openvpn	2.0_rc8
Openvpn	Openvpn	2.0_rc9
Openvpn	Openvpn	2.0_rc10
Openvpn	Openvpn	2.0_rc11
Openvpn	Openvpn	2.0_rc12
Openvpn	Openvpn	2.0_rc13
Openvpn	Openvpn	2.0_rc14
Openvpn	Openvpn	2.0_rc15
Openvpn	Openvpn	2.0_rc16
Openvpn	Openvpn	2.0_rc17
Openvpn	Openvpn	2.0_rc18

Showing 50 of 85 affected configurations. See NVD for the full list.

References

Timeline

Published: May 5, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-2229?

How severe is CVE-2006-2229?

Severity scoring for CVE-2006-2229 is pending analysis. The EPSS model estimates a 1.35% probability of exploitation in the next 30 days.

How do I fix CVE-2006-2229?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-2229?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST