CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3547
https://notcve.org/view.php?id=CVE-2021-3547
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. OpenVPN 3 Core Library versiones 3.6 y 3.6.1, permiten a un atacante tipo "man-in-the-middle" omitir la autenticación de certificados al emitir un certificado de servidor no relacionado usando el mismo nombre de host encontrado en la opción verify-x509-name en la configuración de un cliente • https://community.openvpn.net/openvpn/wiki/CVE-2021-3547 https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements • CWE-295: Improper Certificate Validation CWE-305: Authentication Bypass by Primary Weakness •