CVE-2022-3761

CVSS V2 None CVSS V3 None

Description

OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials

Overview

CVE ID
CVE-2022-3761

Assigner
OpenVPN

Vulnerability Status
PUBLISHED

Published Version
2023-10-17T12:10:36.100Z

Last Modified Date
2023-10-17T12:10:36.100Z

Weakness Enumerations

CWE	URL
CWE-295	http://cwe.mitre.org/data/definitions/295.html

References

Reference URL	Reference Tags
https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/
https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-3761
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3761

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 16:46:44				Added to TrackCVE