OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openvpn | Openvpn | 3.6 (including) | 3.6 (including) |
Openvpn | Openvpn | 3.6.1 (including) | 3.6.1 (including) |