View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0000262 | ClearOS | openvpn | public | 2011-04-04 10:54 | 2019-03-12 11:41 | ||||
Reporter | user2 | ||||||||
Assigned To | |||||||||
Priority | normal | Severity | feature | Reproducibility | N/A | ||||
Status | closed | Resolution | won't fix | ||||||
Platform | OS | OS Version | |||||||
Product Version | |||||||||
Target Version | Fixed in Version | ||||||||
Summary | 0000262: Enforce common name information to match username on authentication | ||||||||
Description | By default, OpenVPN will accept any user's certificates with any user's username/password. To put it another way, an attacker can use Tim's certificates and Mary's password to log in to the VPN server. Ideally, only Tim's password would work with Tim's certificates. If possible, implement this in a way that can be pushed upstream to the OpenVPN project. Also note that the "--tls-verify" option should be able to provide a command line workaround - see "man openvpn". | ||||||||
Additional Information | References: https://forums.openvpn.net/topic7733.html | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Relationships | ||||||
|
Notes | |
(0010971) NickH (developer) 2019-03-12 11:41 |
Would require patching all OpenVPN clients. User certificates are not part of the handshake. |
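
The check requested in the description, sketched as a server-side verify script. This is an added example, not code from this issue, ClearOS or the OpenVPN project. It assumes the server calls the script through `auth-user-pass-verify <script> via-env`, so that OpenVPN exports the certificate CN as `common_name` and the login name as `username`; the function names and the allowed character set are choices made for this example.

```shell
#!/bin/sh
# Added example, not ClearOS or OpenVPN code. Assumes the server runs this
# file via `auth-user-pass-verify <script> via-env`, so OpenVPN exports the
# certificate CN as $common_name and the login name as $username.

# Succeed only when both values are present, well-formed and identical.
cn_matches_username() {
    cn=$1
    user=$2
    # Fail closed: a missing CN or username never matches.
    [ -n "$cn" ] && [ -n "$user" ] || return 1
    # Conservative character set (an assumption of this example); it also
    # keeps newlines and control characters out of the log line below.
    case "$cn$user" in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    # Exact, case-sensitive comparison: Tim's certificate, Tim's login only.
    [ "$cn" = "$user" ]
}

# Hook entry point: reads the values OpenVPN exported and logs the decision.
# Exit status 0 lets the login proceed, non-zero rejects it.
verify_from_env() {
    if cn_matches_username "${common_name:-}" "${username:-}"; then
        echo "cn-check: ALLOW $username" >&2
        return 0
    fi
    echo "cn-check: DENY (certificate CN and username differ or are invalid)" >&2
    return 1
}

# Constructed sample logins (cn:username); a deployed hook would instead end
# with a single call to verify_from_env.
for pair in tim:tim tim:mary :mary Tim:tim; do
    if cn_matches_username "${pair%%:*}" "${pair#*:}"; then
        echo "ALLOW $pair"
    else
        echo "DENY  $pair"
    fi
done
```

Only the `tim:tim` pair is allowed; a mismatched name, a missing CN and a case difference are all rejected.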
Issue History | |||
Date Modified | Username | Field | Change |
2011-04-04 10:54 | user2 | New Issue | |
2011-04-04 10:54 | user2 | Status | new => confirmed |
2011-04-04 11:04 | user2 | Description Updated | |
2011-04-04 11:04 | user2 | Steps to Reproduce Updated | |
2011-04-04 11:06 | user2 | Note Added: 0000346 | |
2011-04-04 11:06 | user2 | Note Added: 0000347 | |
2011-04-04 11:08 | user2 | Note Deleted: 0000347 | |
2011-04-04 11:10 | user2 | Description Updated | |
2011-04-04 11:10 | user2 | Steps to Reproduce Updated | |
2011-04-04 11:10 | user2 | Additional Information Updated | |
2011-04-04 11:10 | user2 | Note Deleted: 0000346 | |
2011-04-04 11:13 | user2 | Summary | Enforce common name to match username on authentication => Enforce common name information to match username on authentication |
2011-04-04 11:13 | user2 | Description Updated | |
2011-06-16 05:12 | user2 | Relationship added | has duplicate 0000311 |
2019-03-12 11:41 | NickH | Note Added: 0010971 | |
2019-03-12 11:41 | NickH | Status | confirmed => closed |
2019-03-12 11:41 | NickH | Resolution | open => won't fix |