Download
| Alert*
oval:org.secpod.oval:def:702249
openvpn: virtual private network software OpenVPN could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1600244 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. oval:org.secpod.oval:def:16230 The host is installed with OpenVPN 2.3.0 and earlier are prone to information disclosure vulnerability. The flaw is present in the application, which fails to properly handle the openvpn_decrypt function in crypto.c. Successful exploitation allows remote attackers to cause timing attack involving an ... |