FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openvpn -- too long a username or password from a client can confuse openvpn servers

Affected packages
openvpn < 2.6.13

Details

VuXML ID 47bc292a-d472-11ef-aaab-7d43732cb6f5
Discovery 2024-10-28
Entry 2025-01-17

Frank Lichtenheld reports:

[OpenVPN v2.6.13 ...] improve server-side handling of clients sending usernames or passwords longer than USER_PASS_LEN - this would not result in a crash, buffer overflow or other security issues, but the server would then misparse incoming IV variables and produce misleading error messages.

[source]

References

URL https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.