A vulnerability has been found in OpenVPN, allowing attackers to bypass the authentication process.
|Package||net-vpn/openvpn on all architectures|
|Affected versions||< 2.5.2|
|Unaffected versions||>= 2.5.2|
OpenVPN is a multi-platform, full-featured SSL VPN solution.
It was discovered that OpenVPN incorrectly handled deferred authentication.
A remote attacker could bypass authentication and access control channel data and trigger further information leaks.
Configure OpenVPN server to not use deferred authentication.
All OpenVPN users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.5.2"
May 26, 2021
May 26, 2021: 1