Computer Emergency Response Team of Mauritius (CERT-MU)


OpenVPN Access Server Input Validation Flaw Lets Remote Users Conduct Session Fixation Attacks to Hijack a Target User's Session
Severity Rating: Medium
Systems Affected:
  • OpenVPN Access Server
A vulnerability was reported in OpenVPN Access Server that can be exploited by a remote attacker to conduct session fixation attacks and hijack a target user's session. A remote user can create a specially crafted URL containing the '%0A' character that, when loaded by the target user prior to authentication, will inject headers and set the session cookie to a specified value. After the target user authenticates to the target OpenVPN Access Server, the remote user can hijack the target user's session.
Users are advised to apply updates.
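The header injection and session fixation pattern described above, as an added example (not OpenVPN Access Server code and not part of this advisory): a hypothetical handler that copies a URL-decoded parameter into a response header, beside a hardened version that rejects control characters and a login routine that issues a fresh session ID at authentication. The function names, the `next` parameter, the `sid` cookie name and the sample value are all constructed for illustration.

```python
import secrets
from urllib.parse import unquote

# Constructed sample input: '%0A' decodes to LF and starts a new header line.
SAMPLE = "home%0ASet-Cookie:%20sid=constructed-value"

def build_headers_unsafe(raw_param):
    """Vulnerable pattern: decoded input is copied straight into a header."""
    target = unquote(raw_param)
    return "HTTP/1.1 302 Found\r\nLocation: /login?next=" + target + "\r\n\r\n"

def build_headers_safe(raw_param):
    """Hardened: refuse any value containing CR, LF or another control character."""
    target = unquote(raw_param)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        raise ValueError("control character in header value")
    return "HTTP/1.1 302 Found\r\nLocation: /login?next=" + target + "\r\n\r\n"

def header_lines(response):
    """Split the header block as a lenient client does: bare LF ends a line too."""
    head = response.split("\r\n\r\n", 1)[0]
    return [line.rstrip("\r") for line in head.split("\n")]

class SessionStore:
    """Hypothetical server-side session table: session id -> username."""
    def __init__(self):
        self.sessions = {}

    def login(self, presented_sid, user):
        """Issue a fresh id at authentication; never promote the presented one."""
        self.sessions.pop(presented_sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = user
        return new_sid

if __name__ == "__main__":
    print(header_lines(build_headers_unsafe(SAMPLE)))
    try:
        build_headers_safe(SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
    store = SessionStore()
    print(store.login("constructed-value", "alice") != "constructed-value")
```

Regenerating the session ID at login is the control that breaks fixation even if a cookie was planted before authentication; rejecting control characters closes the injection path itself.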
More information is available on:
CVE Information
Vendor Information
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis