{"containers": {"cna": {"affected": [{"product": "OpenVPN Access Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "2.8.3 and prior versions in addition to 2.9.5"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-302", "description": "CWE-302: Authentication Bypass by Assumed-Immutable Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-22T18:04:24", "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "shortName": "OpenVPN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@openvpn.net", "ID": "CVE-2020-15074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenVPN Access Server", "version": {"version_data": [{"version_value": "2.8.3 and prior versions in addition to 2.9.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-302: Authentication Bypass by Assumed-Immutable Data"}]}]}, "references": {"reference_data": [{"name": "https://openvpn.net/vpn-server-resources/release-notes/", "refsource": "MISC", "url": "https://openvpn.net/vpn-server-resources/release-notes/"}]}}}}, "cveMetadata": {"assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", "assignerShortName": "OpenVPN", "cveId": "CVE-2020-15074", "datePublished": "2020-07-14T17:27:31", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2021-11-22T18:04:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A2A3EA8-FDC3-4C27-B59A-9EFC11395F60", "versionEndExcluding": "2.8.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openvpn:openvpn_access_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8833B00-0170-42C7-99BB-D1E53CC32380", "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp."}, {"lang": "es", "value": "El servidor de acceso OpenVPN anterior a la versi\u00f3n 2.8.4 y la versi\u00f3n 2.9.5 genera nuevos tokens de autenticaci\u00f3n de usuario en lugar de reutilizar los tokens existentes en la reconexi\u00f3n, lo que permite eludir la marca de tiempo de caducidad del token inicial"}], "id": "CVE-2020-15074", "lastModified": "2021-11-23T22:25:50.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-14T18:15:14.680", "references": [{"source": "security@openvpn.net", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://openvpn.net/vpn-server-resources/release-notes/"}], "sourceIdentifier": "security@openvpn.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-302"}], "source": "security@openvpn.net", "type": "Secondary"}]}

{}