CVERadar

CVE-2024-8474

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00074/1

CVE-2024-8474: OpenVPN Connect before 3.5.0 logs the clear-text private key of the configuration profile in the application log. This vulnerability allows an unauthorized actor to potentially decrypt VPN traffic. The SVRS score of 30 indicates a moderate risk, suggesting that while not immediately critical, it should be addressed in a timely manner. Although the CVSS score is 0, the presence of this private key in logs poses a significant security risk. Exploitation could lead to the compromise of sensitive data transmitted through the VPN. Organizations using affected versions of OpenVPN Connect should upgrade to version 3.5.0 or later to mitigate this vulnerability and protect their VPN traffic. The underlying weakness is CWE-212, Improper Removal of Sensitive Information Before Storage or Transfer.

In The Wild
2025-01-06

2025-01-06
SOCRadar
AI Insight

Description

CVE-2024-8474 affects OpenVPN Connect versions prior to 3.5.0. This vulnerability stems from the application's insecure storage of configuration profiles, specifically the clear-text private key. This sensitive information is logged within the application log, potentially exposing it to unauthorized actors. Such actors could then exploit this vulnerability to decrypt VPN traffic, compromising the confidentiality and integrity of data exchanged over the VPN connection.

While the CVSS score is 7.5, indicating a high severity, the SVRS (SOCRadar Vulnerability Risk Score) stands at 64, suggesting a moderate vulnerability. However, the potential impact on data privacy and security justifies a proactive approach towards mitigation.

Key Insights

  1. Exposure of Sensitive Data: The vulnerability exposes the private key of the VPN configuration profile, potentially enabling unauthorized decryption of VPN traffic. This could lead to significant data breaches and privacy violations.
  2. Log File Accessibility: The private key is stored within the application log file, which might be accessible to malicious actors with sufficient privileges on the affected system.
  3. Potential for Wide-Scale Exploitation: This vulnerability could be exploited by various threat actors, including opportunistic attackers and targeted adversaries.
  4. Potential for APT Group Involvement: While no specific APT group has been linked to this vulnerability yet, its severity and impact suggest it could be attractive to sophisticated actors seeking to gain access to sensitive data.

Mitigation Strategies

  1. Upgrade to OpenVPN Connect 3.5.0 or later: This version addresses the vulnerability by implementing secure storage of configuration profiles, preventing the private key from being logged in plain text.
  2. Restrict Access to Application Logs: Limit access to the application log file to authorized personnel only, minimizing the risk of unauthorized access to the private key.
  3. Implement Strong Password Policies: Ensure strong passwords are used for accessing the VPN connection and restrict access to authorized users only.
  4. Regular Security Monitoring: Regularly monitor system logs for any suspicious activity related to the OpenVPN Connect application, and implement appropriate security measures to address any potential threats.
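The log check implied by the mitigations above, as an added example (not SOCRadar's or OpenVPN's code): a Python scanner that finds PEM private-key blocks in log text and redacts them. The sample log lines, their format and the key bodies are constructed; the real OpenVPN Connect log layout is not shown on this page.

```python
import re

# Matches PEM private-key blocks (PKCS#8, RSA, EC, encrypted variants).
# The body match is non-greedy and spans newlines; a block with no END
# marker (truncated log) is matched to the end of the text.
PEM_KEY = re.compile(
    r"-----BEGIN (?P<kind>(?:[A-Z0-9]+ )*PRIVATE KEY)-----"
    r".*?(?:(?P<end>-----END (?P=kind)-----)|\Z)",
    re.DOTALL,
)

def find_private_keys(text):
    """Return (line_number, key_kind, terminated) for each key block found."""
    hits = []
    for m in PEM_KEY.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group("kind"), m.group("end") is not None))
    return hits

def redact_private_keys(text):
    """Replace each key block with a marker; a logged key must still be rotated."""
    return PEM_KEY.sub(lambda m: f"[REDACTED {m.group('kind')}]", text)

# Constructed sample: log format and key bodies are made up for illustration.
SAMPLE_LOG = """\
2025-01-06 10:00:01 INFO profile import started
2025-01-06 10:00:01 DEBUG profile content: <key>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ
-----END PRIVATE KEY-----
</key>
2025-01-06 10:00:02 INFO connecting
2025-01-06 10:00:09 DEBUG dump: -----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtVFJVTkNBVEVE
"""

if __name__ == "__main__":
    for line_no, kind, terminated in find_private_keys(SAMPLE_LOG):
        state = "complete" if terminated else "truncated"
        print(f"line {line_no}: {kind} ({state})")
    print(redact_private_keys(SAMPLE_LOG))
```

A hit means the key pair in that profile should be treated as exposed and reissued; redacting the log only limits further disclosure.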

Additional Information

Users are encouraged to take immediate action to mitigate the risks posed by CVE-2024-8474. If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CTO at NCSC Summary: week ending January 19th - substack.com
2025-01-18
CTO at NCSC Summary: week ending January 19th - substack.com | News Content: More edge devices exploited.. Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do. Operationally this week further exploitation of zero-days in edge security appliances… At the end of the month we are planning on releasing guidance (co-sealed with a number of partners) for device manufactures (physical and virtual) on the minimum telemetry and volatile/non volatile forensic requirements in response.. In the high-level this week: Passkeys: they're not
google.com
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] - The Hacker News
2025-01-13
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] - The Hacker News | News Content: The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead of the threats. ⚡ Threat of the Week Critical Ivanti Flaw Comes Under Exploitation
google.com
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Ajit Jasrotia, 2025-01-13
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] | The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay […] The post ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January
allhackernews.com
CVE-2024-8474 | OpenVPN Connect up to 3.4.x Application Log improper removal of sensitive information before storage or transfer
vuldb.com, 2025-01-06
CVE-2024-8474 | OpenVPN Connect up to 3.4.x Application Log improper removal of sensitive information before storage or transfer | A vulnerability was found in OpenVPN Connect up to 3.4.x and classified as problematic. This issue affects some unknown processing of the component Application Log. The manipulation leads to improper removal of sensitive information before storage or transfer. The identification of this vulnerability is CVE-2024
vuldb.com

Social Media

A critical vulnerability, identified as CVE-2024-8474, has been discovered in OpenVPN Connect. This flaw could allow attackers to access users’ private keys, potentially compromising the confidentiality of their VPN traffic. https://t.co/Kt77OC4nRd
CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys https://t.co/kVke5IKoqr
CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys https://t.co/752BHtqYMM
CVE-2024-8474: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic https://t.co/rfDKZE5oYE https://t.co/o6iHhV9Xsn
🚨 Critical vulnerability (CVE-2024-8474) in OpenVPN Connect exposed private keys, risking user data. Update to version 3.5.1 and check logs. Over 10M downloads highlight the potential impact. 🔐 #OpenVPN #Privacy #USA #CybersecurityNews link: https://t.co/DdAOWEGZvQ https://t.co/rPQR9qImIn
🚨 CVE Alert: OpenVPN Connect Information Disclosure Vulnerability🚨 Vulnerability Details: CVE-2024-8474 (CVSS 7.5/10) OpenVPN Connect Information Disclosure Vulnerability Impact A successful exploit may allow an attacker to access a user's device, extract the private key from https://t.co/jCpgMg53W5
@The_Cyber_News OpenVPN Connect Vulnerability Let Attackers Access Users’ Private Keys Source: https://t.co/bUP40UQGjY A critical vulnerability, identified as CVE-2024-8474, has been discovered in OpenVPN Connect, a popular VPN client software. This flaw could allow attackers https://t.co/E0irAQUwWb

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://openvpn.net/connect-docs/android-release-notes.html

CWE Details

CWE ID: CWE-212
CWE Name: Improper Removal of Sensitive Information Before Storage or Transfer
Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
