CVE-2013-2692

Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users.

Published: May 13, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-2692
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
openvpn / openvpn_access_server	-	1.8.4.x

http://openvpn.net/index.php/access-server/download-openvpn-as-sw/531-release-notes-v185.html
http://osvdb.org/93111
http://secunia.com/advisories/52802

Vulnerability Database

289,697

CVE-2013-2692