OpenVPN 3 Core library 3.6 and 3.6.1 possible certificate authentication bypass [CVE-2021-3547]

July 12, 2021 Jason Davies 2891 Views 0 Comments CVE-2021-3547, OpenVPN 0 min read

CVE number – CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

This issue is resolved in OpenVPN 3 Core library 3.6.2

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

OpenVPN 3 Core library 3.6 and 3.6.1 possible certificate authentication bypass [CVE-2021-3547]

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply