OpenVPN: Authentication bypass A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process. openvpn 2021-05-26 2021-05-26 785115 remote 2.5.2 2.5.2

OpenVPN is a multi-platform, full-featured SSL VPN solution.

It was discovered that OpenVPN incorrectly handled deferred authentication.

A remote attacker could bypass authentication and access control channel data and trigger further information leaks.

Configure OpenVPN server to not use deferred authentication.

All OpenVPN users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.5.2" CVE-2020-15078 whissi whissi