openvpn.git/debian/patches/CVE-2020-15078-2.patch, branch master Debian repo for openvpn CVE-2020-15078: Authentication bypass with deferred authentication 2021-04-28T13:12:01+00:00 Bernhard Schmidt berni@debian.org 2021-04-28T12:38:07+00:00 a398f557fd1320096e140f8ca297481ae75e12b3 Overview OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. Detailed description This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. Pre-Dependency: CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010 CVE-Fix: CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308 CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06 Closes: #987380 
Overview

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass
authentication and access control channel data on servers configured
with deferred authentication, which can be used to potentially trigger
further information leaks.

Detailed description

This bug allows - under very specific circumstances - to trick a server
using delayed authentication (plugin or management) into returning a
PUSH_REPLY before the AUTH_FAILED message, which can possibly be used
to gather information about a VPN setup.

In combination with "--auth-gen-token" or a user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.

Pre-Dependency:
CVE-2020-15078-0.patch: https://github.com/OpenVPN/openvpn/commit/14511010

CVE-Fix:
CVE-2020-15078-1.patch: https://github.com/OpenVPN/openvpn/commit/3aca477a
CVE-2020-15078-2.patch: https://github.com/OpenVPN/openvpn/commit/3d18e308
CVE-2020-15078-3.patch: https://github.com/OpenVPN/openvpn/commit/f7b3bf06

Closes: #987380