CVE-2024-8474
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-8474 is a vulnerability affecting OpenVPN Connect versions prior to 3.5.0. The application writes clear-text private keys to the application log, allowing unauthorized actors to access and decrypt VPN traffic. The private key, which is contained within the configuration profile, is not encrypted during transmission or storage, posing a significant security risk. This vulnerability underscores the importance of encrypting sensitive data, especially in critical communication channels like VPNs. Users are strongly advised to upgrade to the latest version of OpenVPN Connect as soon as possible to mitigate this risk.
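The following check is an added example, not code from OpenVPN or from this advisory: it scans the contents of a log file for PEM private-key blocks such as the one described above, reports where they are, and returns a redacted copy. The log line format, the sample log and the name `scan_log` are assumptions made for illustration; the advisory does not give the log's location or layout, so the caller supplies the log text.

```python
import re

# PEM armor of any private-key type (PKCS#8, PKCS#1 "RSA", SEC1 "EC", ...).
BEGIN = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----")
END = re.compile(r"-----END (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def scan_log(text):
    """Return (findings, redacted_text) for one log file's contents.

    A finding is (first_line, last_line, key_type, complete), 1-based lines.
    complete is False when the log ends before the END marker (truncated key).
    """
    findings, out, start, label = [], [], None, None
    lines = text.splitlines()
    for no, line in enumerate(lines, 1):
        if start is None:
            m = BEGIN.search(line)
            if m is None:
                out.append(line)
                continue
            start, label = no, m.group(1)
            # Keep the log prefix (timestamp etc.) that precedes the key.
            out.append(line[:m.start()] + "[REDACTED " + label + "]")
            line = line[m.end():]
        # Inside a key block: the line is dropped; END closes the block.
        if END.search(line):
            findings.append((start, no, label, True))
            start = None
    if start is not None:  # e.g. log rotated in the middle of the key
        findings.append((start, len(lines), label, False))
    return findings, "\n".join(out)

# Constructed sample log (assumed format); key bodies are placeholder text.
SAMPLE_LOG = """\
2024-01-01 10:00:00 profile import started
2024-01-01 10:00:01 profile content: <key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDERPLACEHOLDERPLACEHOLDER
-----END PRIVATE KEY-----
</key>
2024-01-01 10:00:02 connected
2024-01-01 10:05:00 debug: -----BEGIN RSA PRIVATE KEY-----
PLACEHOLDERTRUNCATED"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG)[0]:
        print(finding)
```

Upgrading stops new entries but does not remove key material already written to existing logs, so the check is worth running on logs produced by versions prior to 3.5.0.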
Affected Products
- OpenVPN Connect