The host is installed with OpenVPN Connect before 3.4.0.3100 and is prone to an improper certificate validation vulnerability. A flaw is present in the application which fails to handle a man-in-the-middle attack. Successful exploitation allows attackers to intercept configuration profile download requests which contains the users credentials.