Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2016-6329

Published: 31/01/2017 Updated: 09/07/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 388
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Openvpn

Vulnerability Summary

OpenVPN, when using a 64-bit block cipher, makes it easier for remote malicious users to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openvpn openvpn

Vendor Advisories

Ubuntu Security Notice: openvpn vulnerabilities
Several security issues were fixed in OpenVPN ...
Amazon Linux AMI: ALAS-2016-750
Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long running connections The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to recover partial plaintext information (XOR of two plai ...

References

CWE-310CWE-200https://sweet32.info/https://security.gentoo.org/glsa/201611-02https://community.openvpn.net/openvpn/wiki/SWEET32http://www-01.ibm.com/support/docview.wss?uid=swg21995039http://www-01.ibm.com/support/docview.wss?uid=swg21991482http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697http://www.securitytracker.com/id/1036695http://www.securityfocus.com/bid/92631https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdfhttps://usn.ubuntu.com/3339-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook