OpenVPN access server is letting any password auth
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jan 28, 2020 7:39 pm
OpenVPN access server is letting any password auth
I have a weird problem -- I am trial'ing the openvpn access server on a centos 7 box. Whether I set the auth to PAM, local, or LDAP, it is letting login with any password. It seems all it is doing is verifying the user exists -- I can't log in to the web portal with a bad username, but as long as the username exists, any password is being accepted.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jan 28, 2020 7:39 pm
Re: OpenVPN access server is letting any password auth
Update - The support team for access server got back to me, this is a bug in 2.8 that is letting any user bind to LDAP. Suggested reverting to 2.7 until a fix is released.