ClearFoundation Tracker - ClearOS |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000262 | ClearOS | openvpn | public | 2011-04-04 10:54 | 2019-03-12 11:41 |
|
| Reporter | user2 | |
| Assigned To | | |
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | won't fix | |
| Platform | | OS | | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
|
| Summary | 0000262: Enforce common name information to match username on authentication |
| Description | By default, OpenVPN will accept any user's certificates with any user's username/password. To put it another way, an attacker can use Tim's certificates and Mary's password to login to the VPN server. Ideally, only Tim's password would work with Tim's certificates.
If possible, implement this is in a way that can be pushed upstream to the OpenVPN project. Also not that the "--tls-verify" option should be able to provide a command line workaround - see "man openvpn".
|
| Steps To Reproduce | |
| Additional Information | References:
https://forums.openvpn.net/topic7733.html [^] |
| Tags | No tags attached. |
| Relationships | | has duplicate | 0000311 | closed | user2 | OpenVPN allows password authentication for users not associated with provided cert. |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2011-04-04 10:54 | user2 | New Issue | |
| 2011-04-04 10:54 | user2 | Status | new => confirmed |
| 2011-04-04 11:04 | user2 | Description Updated | |
| 2011-04-04 11:04 | user2 | Steps to Reproduce Updated | |
| 2011-04-04 11:06 | user2 | Note Added: 0000346 | |
| 2011-04-04 11:06 | user2 | Note Added: 0000347 | |
| 2011-04-04 11:08 | user2 | Note Deleted: 0000347 | |
| 2011-04-04 11:10 | user2 | Description Updated | |
| 2011-04-04 11:10 | user2 | Steps to Reproduce Updated | |
| 2011-04-04 11:10 | user2 | Additional Information Updated | |
| 2011-04-04 11:10 | user2 | Note Deleted: 0000346 | |
| 2011-04-04 11:13 | user2 | Summary | Enforce common name to match username on authentication => Enforce common name information to match username on authentication |
| 2011-04-04 11:13 | user2 | Description Updated | |
| 2011-06-16 05:12 | user2 | Relationship added | has duplicate 0000311 |
| 2019-03-12 11:41 | NickH | Note Added: 0010971 | |
| 2019-03-12 11:41 | NickH | Status | confirmed => closed |
| 2019-03-12 11:41 | NickH | Resolution | open => won't fix |