OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.3.2-7ubuntu3.2+esm1", "binary_name": "openvpn" }, { "binary_version": "2.3.2-7ubuntu3.2+esm1", "binary_name": "openvpn-dbgsym" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.3.10-1ubuntu2.2+esm1", "binary_name": "openvpn" }, { "binary_version": "2.3.10-1ubuntu2.2+esm1", "binary_name": "openvpn-dbgsym" } ] }