Published: 18/11/2013 Updated: 12/05/2020

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and previous versions, when running in UDP mode, allows remote malicious users to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openvpn openvpn 1.6.0
openvpn openvpn 1.5.0
openvpn openvpn 1.3.0
openvpn openvpn 1.2.1
openvpn openvpn 2.1.0
openvpn openvpn access server 2.0.0
openvpn openvpn 1.3.2
openvpn openvpn 1.3.1
openvpn openvpn 1.4.3
openvpn openvpn 1.4.2
openvpn openvpn 1.2.0
openvpn openvpn
openvpn openvpn 2.2.0
openvpn openvpn 1.4.1
openvpn openvpn 1.4.0
opensuse opensuse 11.4

Debian Bug report logs - #707329 openvpn: CVE-2013-2061: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Package: openvpn; Maintainer for openvpn is Bernhard Schmidt <berni@debianorg>; Source for openvpn is src:openvpn (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> ...

OpenVPN could be made to expose sensitive information over the network ...

The openvpn_decrypt function in cryptoc in OpenVPN 230 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher ...

CWE-200 https://github.com/OpenVPN/openvpn/commit/11d21349a4e7e38a025849479b36ace7c2eec2ee https://bugzilla.redhat.com/show_bug.cgi?id=960192 http://www.openwall.com/lists/oss-security/2013/05/06/6 http://lists.opensuse.org/opensuse-updates/2013-11/msg00016.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00012.html https://bugs.gentoo.org/show_bug.cgi?id=468756 https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc http://www.mandriva.com/security/advisories?name=MDVSA-2013:167 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105568.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105609.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707329 https://usn.ubuntu.com/2368-1/https://nvd.nist.gov

CVE-2013-2061

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect