OpenVPN Easy-RSA Weak Encryption Vulnerability Allowing CA Key Brute Force

Vulnerability

A vulnerability exists in OpenVPN Easy-RSA versions 3.0.5 through 3.1.7, where a weak encryption algorithm allows local attackers to more easily brute-force the private Certificate Authority (CA) key. This issue arises when the CA key is created using OpenSSL 3.
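A defender's check for the condition described above, added here as an example (it is not code from Easy-RSA or from this advisory): it reports which cipher protects a PEM private key, covering both the traditional `DEK-Info` format and PKCS#8. The advisory does not name the weak algorithm, so the `ACCEPTED` set is an assumed local policy, and all function names and the sample key structure are constructed for illustration.

```python
import base64
import re

LABEL = "ENCRYPTED PRIVATE KEY"  # PEM label of an encrypted PKCS#8 key
# DER content bytes (hex) of cipher OIDs found in PBES2 parameters of PKCS#8 keys.
CIPHER_OIDS = {
    "2a864886f70d0307": "des-ede3-cbc",    # 1.2.840.113549.3.7
    "608648016503040102": "aes-128-cbc",   # 2.16.840.1.101.3.4.1.2
    "60864801650304012a": "aes-256-cbc",   # 2.16.840.1.101.3.4.1.42
}
ACCEPTED = {"aes-256-cbc"}  # assumption: local policy, not taken from the page

def walk_oids(der):
    """Yield the hex of every OID in a DER blob, descending into constructed types."""
    i = 0
    while i + 2 <= len(der):
        tag, length, i = der[i], der[i + 1], i + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        body, i = der[i:i + length], i + length
        if tag == 0x06:
            yield body.hex()
        elif tag & 0x20:
            yield from walk_oids(body)

def key_cipher(pem):
    """Return the cipher protecting a PEM private key, 'unencrypted' or 'unknown'."""
    dek = re.search(r"^DEK-Info:\s*([^,\s]+)", pem, re.M)  # traditional format
    if dek:
        return dek.group(1).lower()
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m or m.group(1) != LABEL:
        return "unencrypted" if m else "unknown"
    oids = walk_oids(base64.b64decode(m.group(2)))
    return next((CIPHER_OIDS[o] for o in oids if o in CIPHER_OIDS), "unknown")

def needs_review(pem):
    return key_cipher(pem) not in ACCEPTED

def _tlv(tag, *parts):  # DER encoder for the constructed sample (short lengths only)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(cipher_hex):
    """Constructed PKCS#8-shaped sample with dummy salt, IV and ciphertext; not a real key."""
    oid = lambda h: _tlv(0x06, bytes.fromhex(h))
    kdf = _tlv(0x30, oid("2a864886f70d01050c"), _tlv(0x30, _tlv(4, bytes(8)), _tlv(2, b"\x08\x00")))
    enc = _tlv(0x30, oid(cipher_hex), _tlv(4, bytes(16)))
    der = _tlv(0x30, _tlv(0x30, oid("2a864886f70d01050d"), _tlv(0x30, kdf, enc)), _tlv(4, bytes(16)))
    return f"-----BEGIN {LABEL}-----\n{base64.encodebytes(der).decode()}-----END {LABEL}-----\n"
```

Pass the text of the CA's private key file to `key_cipher()`; the file is only read, never decrypted, so no passphrase is needed.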

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of the private CA key, potentially allowing an attacker to impersonate the CA or entities it has issued certificates to.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.