Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 4/30/2016 10:13:41 PM

CVE Publication rate: 19.53

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 9.15
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2006-2229

Original release date: 05/05/2006
Last revised: 09/05/2008
Source: US-CERT/NIST

Overview

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.0 MEDIUM
Impact Subscore: 4.9
Exploitability Subscore: 4.9
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC
Name: http://openvpn.net/man.html
External Source: BUGTRAQ
Name: 20060503 OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
External Source: OSVDB
Name: 25660
External Source: BUGTRAQ
Name: 20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
External Source: BUGTRAQ
Name: 20060503 Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

Vulnerable software and versions

+ Configuration 1
+ OR
cpe:/a:openvpn:openvpn:2.0
cpe:/a:openvpn:openvpn:2.0.1
cpe:/a:openvpn:openvpn:2.0.1_rc1
cpe:/a:openvpn:openvpn:2.0.1_rc2
cpe:/a:openvpn:openvpn:2.0.1_rc3
cpe:/a:openvpn:openvpn:2.0.1_rc4
cpe:/a:openvpn:openvpn:2.0.1_rc5
cpe:/a:openvpn:openvpn:2.0.1_rc6
cpe:/a:openvpn:openvpn:2.0.1_rc7
cpe:/a:openvpn:openvpn:2.0.2
cpe:/a:openvpn:openvpn:2.0.2_rc1
cpe:/a:openvpn:openvpn:2.0.3_rc1
cpe:/a:openvpn:openvpn:2.0.4
cpe:/a:openvpn:openvpn:2.0.5
cpe:/a:openvpn:openvpn:2.0.6
cpe:/a:openvpn:openvpn:2.0.6_rc1
cpe:/a:openvpn:openvpn:2.0.7
cpe:/a:openvpn:openvpn:2.0_beta1
cpe:/a:openvpn:openvpn:2.0_beta10
cpe:/a:openvpn:openvpn:2.0_beta11
cpe:/a:openvpn:openvpn:2.0_beta12
cpe:/a:openvpn:openvpn:2.0_beta13
cpe:/a:openvpn:openvpn:2.0_beta15
cpe:/a:openvpn:openvpn:2.0_beta16
cpe:/a:openvpn:openvpn:2.0_beta17
cpe:/a:openvpn:openvpn:2.0_beta18
cpe:/a:openvpn:openvpn:2.0_beta19
cpe:/a:openvpn:openvpn:2.0_beta2
cpe:/a:openvpn:openvpn:2.0_beta20
cpe:/a:openvpn:openvpn:2.0_beta28
cpe:/a:openvpn:openvpn:2.0_beta3
cpe:/a:openvpn:openvpn:2.0_beta4
cpe:/a:openvpn:openvpn:2.0_beta5
cpe:/a:openvpn:openvpn:2.0_beta6
cpe:/a:openvpn:openvpn:2.0_beta7
cpe:/a:openvpn:openvpn:2.0_beta8
cpe:/a:openvpn:openvpn:2.0_beta9
cpe:/a:openvpn:openvpn:2.0_rc1
cpe:/a:openvpn:openvpn:2.0_rc10
cpe:/a:openvpn:openvpn:2.0_rc11
cpe:/a:openvpn:openvpn:2.0_rc12
cpe:/a:openvpn:openvpn:2.0_rc13
cpe:/a:openvpn:openvpn:2.0_rc14
cpe:/a:openvpn:openvpn:2.0_rc15
cpe:/a:openvpn:openvpn:2.0_rc16
cpe:/a:openvpn:openvpn:2.0_rc17
cpe:/a:openvpn:openvpn:2.0_rc18
cpe:/a:openvpn:openvpn:2.0_rc19
cpe:/a:openvpn:openvpn:2.0_rc2
cpe:/a:openvpn:openvpn:2.0_rc20
cpe:/a:openvpn:openvpn:2.0_rc21
cpe:/a:openvpn:openvpn:2.0_rc3
cpe:/a:openvpn:openvpn:2.0_rc4
cpe:/a:openvpn:openvpn:2.0_rc5
cpe:/a:openvpn:openvpn:2.0_rc6
cpe:/a:openvpn:openvpn:2.0_rc7
cpe:/a:openvpn:openvpn:2.0_rc8
cpe:/a:openvpn:openvpn:2.0_rc9
cpe:/a:openvpn:openvpn:2.0_test1
cpe:/a:openvpn:openvpn:2.0_test10
cpe:/a:openvpn:openvpn:2.0_test11
cpe:/a:openvpn:openvpn:2.0_test12
cpe:/a:openvpn:openvpn:2.0_test14
cpe:/a:openvpn:openvpn:2.0_test15
cpe:/a:openvpn:openvpn:2.0_test16
cpe:/a:openvpn:openvpn:2.0_test17
cpe:/a:openvpn:openvpn:2.0_test18
cpe:/a:openvpn:openvpn:2.0_test19
cpe:/a:openvpn:openvpn:2.0_test2
cpe:/a:openvpn:openvpn:2.0_test20
cpe:/a:openvpn:openvpn:2.0_test21
cpe:/a:openvpn:openvpn:2.0_test22
cpe:/a:openvpn:openvpn:2.0_test23
cpe:/a:openvpn:openvpn:2.0_test24
cpe:/a:openvpn:openvpn:2.0_test25
cpe:/a:openvpn:openvpn:2.0_test26
cpe:/a:openvpn:openvpn:2.0_test27
cpe:/a:openvpn:openvpn:2.0_test29
cpe:/a:openvpn:openvpn:2.0_test3
cpe:/a:openvpn:openvpn:2.0_test4
cpe:/a:openvpn:openvpn:2.0_test5
cpe:/a:openvpn:openvpn:2.0_test6
cpe:/a:openvpn:openvpn:2.0_test7
cpe:/a:openvpn:openvpn:2.0_test8
cpe:/a:openvpn:openvpn:2.0_test9

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)