CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via %0A characters in the PATH_INFO to session_start/.
Weakness
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openvpn_access_server | Openvpn | 2.1.4 (including) | 2.1.4 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://www.openwall.com/lists/oss-security/2017/05/23/13
- http://www.securitytracker.com/id/1038547
- https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/
- http://www.openwall.com/lists/oss-security/2017/05/23/13
- http://www.securitytracker.com/id/1038547
- https://sysdream.com/news/lab/2017-05-05-cve-2017-5868-openvpn-access-server-crlf-injection-with-session-fixation/