The host is installed with OpenVPN 2.1.0 before 2.4.12 or 2.5.x before 2.5.6 and is prone to an authentication bypass vulnerability. A flaw is present in the application, which fails to properly handle servers configured with deferred authentication replies. On Successful exploitation, attacker can be granted access with only partially correct credentials.