OpenVPN Unprotected Management Interface
Medium Nessus Plugin ID 21330
Synopsis
The remote VPN server can be managed remotely without authentication.
Description
The remote host is running OpenVPN, an open source SSL VPN.
The version of OpenVPN installed on the remote host does not require authentication to access the server's management interface. An attacker can leverage this issue to gain complete control over the affected application simply by telnetting in.
Solution
Disable the management interface or bind it only to a specific address, such as 127.0.0.1.
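A configuration check for the condition described above, as an added example that is not part of the plugin or of OpenVPN: it reads an OpenVPN configuration and classifies each `management` directive by bind address and by whether a password file is given. The sample configuration, its addresses and paths, and the status labels are constructed for illustration; the directive forms assumed are `management IP port [pw-file]` and `management socket-name unix [pw-file]`.

```python
import ipaddress

# Constructed sample config; addresses and paths are illustrative only.
SAMPLE_CONFIG = """\
# constructed sample server config
port 1194
proto udp
management 0.0.0.0 7505
;management 10.0.0.5 7505
management 192.0.2.10 7505 /etc/openvpn/mgmt.pw
management 127.0.0.1 7505
management /run/openvpn/mgmt.sock unix
"""

def is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other name is treated as network-reachable

def audit_management(config_text):
    """Return (line_no, bind_target, status) for each management directive."""
    results = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # comment marker ends the directive
                break
            tokens.append(tok)
        if len(tokens) < 3 or tokens[0] != "management":
            continue
        host, port = tokens[1], tokens[2]
        has_pw_file = len(tokens) > 3
        if port == "unix" or is_loopback(host):
            status = "local-only"              # matches the Solution above
        elif has_pw_file:
            status = "network-with-password"   # reachable, password required
        else:
            status = "network-no-auth"         # the condition this plugin reports
        results.append((line_no, host, status))
    return results

if __name__ == "__main__":
    for line_no, host, status in audit_management(SAMPLE_CONFIG):
        print(f"line {line_no}: management on {host}: {status}")
```

Any line reported as `network-no-auth` should be removed or rebound to 127.0.0.1, as the Solution states.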