CVE-2022-33737
In short
The OpenVPN Access Server installer creates a log file that anyone can read, and this file contains the randomly generated admin password. This means an attacker with local access to the system can easily find and use the admin password to take control of the server.
Technical detail
During installation, OpenVPN Access Server versions 2.10.0 up to, but not including, 2.11.0 create a world-readable log file containing the randomly generated administrative password. An attacker with local file system access can read this log to obtain valid credentials for administrative access, bypassing authentication controls.
Summary generated and translated by AI from the official description.
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
Affected products
n/a · OpenVPN Access Server