Vulnerability Name:

CVE-2006-2229 (CCN-26284)

Assigned:2006-05-03
Published:2006-05-03
Updated:2020-05-12
Summary:OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed May 03 2006 - 12:12:35 CDT
OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Source: CCN
Type: BugTraq Mailing List, Wed May 03 2006 - 15:14:09 CDT
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Source: MITRE
Type: CNA
CVE-2006-2229

Source: CCN
Type: OpenVPN Web site
OpenVPN - An Open Source SSL VPN Solution by James Yonan

Source: MISC
Type: UNKNOWN
http://openvpn.net/man.html

Source: OSVDB
Type: UNKNOWN
25660

Source: CCN
Type: OSVDB ID: 25660
OpenVPN --management Option Cleartext Password Disclosure

Source: BUGTRAQ
Type: UNKNOWN
20060503 OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Source: BUGTRAQ
Type: UNKNOWN
20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Source: BUGTRAQ
Type: UNKNOWN
20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Source: XF
Type: UNKNOWN
openvpn-mgmt-interface-no-authentication(26284)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openvpn:openvpn:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.1_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.2_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.3_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0.6_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta13:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_beta28:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc13:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc14:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_rc21:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test3:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test4:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test7:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test8:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test9:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test10:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test11:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test12:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test14:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test15:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test16:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test17:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test18:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test19:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test20:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test21:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test22:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test23:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test24:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test25:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test26:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test27:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn:2.0_test29:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:openvpn:openvpn_access_server:2.0.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openvpn openvpn 2.0
    openvpn openvpn 2.0.1_rc1
    openvpn openvpn 2.0.1_rc2
    openvpn openvpn 2.0.1_rc3
    openvpn openvpn 2.0.1_rc4
    openvpn openvpn 2.0.1_rc5
    openvpn openvpn 2.0.1_rc6
    openvpn openvpn 2.0.1_rc7
    openvpn openvpn 2.0.2_rc1
    openvpn openvpn 2.0.3_rc1
    openvpn openvpn 2.0.4
    openvpn openvpn 2.0.6_rc1
    openvpn openvpn 2.0_beta1
    openvpn openvpn 2.0_beta2
    openvpn openvpn 2.0_beta3
    openvpn openvpn 2.0_beta4
    openvpn openvpn 2.0_beta5
    openvpn openvpn 2.0_beta6
    openvpn openvpn 2.0_beta7
    openvpn openvpn 2.0_beta8
    openvpn openvpn 2.0_beta9
    openvpn openvpn 2.0_beta10
    openvpn openvpn 2.0_beta11
    openvpn openvpn 2.0_beta12
    openvpn openvpn 2.0_beta13
    openvpn openvpn 2.0_beta15
    openvpn openvpn 2.0_beta16
    openvpn openvpn 2.0_beta17
    openvpn openvpn 2.0_beta18
    openvpn openvpn 2.0_beta19
    openvpn openvpn 2.0_beta20
    openvpn openvpn 2.0_beta28
    openvpn openvpn 2.0_rc1
    openvpn openvpn 2.0_rc2
    openvpn openvpn 2.0_rc3
    openvpn openvpn 2.0_rc4
    openvpn openvpn 2.0_rc5
    openvpn openvpn 2.0_rc6
    openvpn openvpn 2.0_rc7
    openvpn openvpn 2.0_rc8
    openvpn openvpn 2.0_rc9
    openvpn openvpn 2.0_rc10
    openvpn openvpn 2.0_rc11
    openvpn openvpn 2.0_rc12
    openvpn openvpn 2.0_rc13
    openvpn openvpn 2.0_rc14
    openvpn openvpn 2.0_rc15
    openvpn openvpn 2.0_rc16
    openvpn openvpn 2.0_rc17
    openvpn openvpn 2.0_rc18
    openvpn openvpn 2.0_rc19
    openvpn openvpn 2.0_rc20
    openvpn openvpn 2.0_rc21
    openvpn openvpn 2.0_test1
    openvpn openvpn 2.0_test2
    openvpn openvpn 2.0_test3
    openvpn openvpn 2.0_test4
    openvpn openvpn 2.0_test5
    openvpn openvpn 2.0_test6
    openvpn openvpn 2.0_test7
    openvpn openvpn 2.0_test8
    openvpn openvpn 2.0_test9
    openvpn openvpn 2.0_test10
    openvpn openvpn 2.0_test11
    openvpn openvpn 2.0_test12
    openvpn openvpn 2.0_test14
    openvpn openvpn 2.0_test15
    openvpn openvpn 2.0_test16
    openvpn openvpn 2.0_test17
    openvpn openvpn 2.0_test18
    openvpn openvpn 2.0_test19
    openvpn openvpn 2.0_test20
    openvpn openvpn 2.0_test21
    openvpn openvpn 2.0_test22
    openvpn openvpn 2.0_test23
    openvpn openvpn 2.0_test24
    openvpn openvpn 2.0_test25
    openvpn openvpn 2.0_test26
    openvpn openvpn 2.0_test27
    openvpn openvpn 2.0_test29
    openvpn openvpn access server 2.0.1
    openvpn openvpn access server 2.0.2
    openvpn openvpn access server 2.0.5
    openvpn openvpn access server 2.0.6
    openvpn openvpn access server 2.0.7