{"id":"CVE-2020-15078","details":"OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.","modified":"2026-03-20T11:33:45.771305Z","published":"2021-04-26T14:15:08.623Z","related":["MGASA-2021-0302","SUSE-SU-2021:14723-1","SUSE-SU-2021:1576-1","SUSE-SU-2021:1577-1","openSUSE-SU-2021:0734-1","openSUSE-SU-2024:11128-1"],"references":[{"type":"WEB","url":"https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJUXEYHUPREEBPX23VPEKMFXUPVO3PMU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGEGLC4YGBDN5CGHTNWN2GH6DJJA36T2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLDB3OBQ3AODYYRN7NRCABV6I4AUFAT6/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00002.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202105-25"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/usn/usn-4933-1"},{"type":"FIX","url":"https://community.openvpn.net/openvpn/wiki/CVE-2020-15078"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvpn/openvpn","events":[{"introduced":"0"},{"fixed":"092734634796e9637920e029fea716afc146cd82"},{"introduced":"a73072d8f780e888aca7d79b993b1e59c9d8f364"},{"fixed":"23ae78e657052748be68b623ca8122e4103dc7e0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.11"},{"introduced":"2.5.0"},{"fixed":"2.5.2"}]}}],"versions":["v2.5.0","v2.5.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.10"}]},{"events":[{"introduced":"0"},{"last_affected":"21.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15078.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}