OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle malicious user to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openvpn openvpn 3.6 |
||
openvpn openvpn 3.6.1 |