Vulnerability identifier: #VU380

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6329

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenVPN
Server applications / Remote access servers, VPN

Vendor: openvpn.net

Description

The vulnerability allows attackers to gain access to potentially sensitive information.

The vulnerability exists due to capturing of long duration Blowfish CBC mode encrypted TLS session. Repeated sending of communication protocol with parts of the plaintext helps attackers to reconstruct the secret information.

Successful exploitation of this vulnerability may allow a remote attacker to access potentially sensitive data.

Mitigation
The vendor plans to issue a new version 2.3.12.

Vulnerable software versions

OpenVPN: 2.0 - 2.0.10, 2.1 - 2.1.28.0, 2.3.0 - 2.3.5, 2.2 - 2.2.2, 1.3.0 - 1.3.2, 1.4.0 - 1.4.3, 1.2.0 - 1.2.1, 1.6.0, 1.5.0

---

External links
http:openvpn.net/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.