The host is installed with OpenVPN before 2.3.12 and is prone to an information disclosure vulnerability. The flaw is present in the application, which fails to properly handle the 64-bit block ciphers such as 3DES and Blowfish. Successful exploitation allows remote attackers to recover plaintext when the same data is sent and can use cross-site scripting vulnerabilities to send data of interest.