OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Openvpn
  • Connect

Configuration 1 [-]

OR cpe:2.3:a:openvpn:connect:*:*:*:*:*:windows:*:*
cpe:2.3:a:openvpn:connect:*:*:*:*:*:macos:*:*
References
Link Resource
https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/ Release Notes
https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/ Release Notes
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: OpenVPN

Published: 2023-10-17T12:10:36.100Z

Updated: 2023-10-17T12:10:36.100Z

Reserved: 2022-10-31T07:38:29.762Z

Link: CVE-2022-3761

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-10-17T13:15:11.573

Modified: 2023-10-24T17:34:27.393

Link: CVE-2022-3761

JSON object: View

cve-icon Redhat Information

No data.

CWE