OpenVPN access server is letting any password auth

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
clags
OpenVpn Newbie
Posts: 4
Joined: Tue Jan 28, 2020 7:39 pm

OpenVPN access server is letting any password auth

Post by clags » Tue Feb 11, 2020 4:57 am

I have a weird problem -- I am trial'ing the openvpn access server on a centos 7 box. Whether I set the auth to PAM, local, or LDAP, it is letting login with any password. It seems all it is doing is verifying the user exists -- I can't log in to the web portal with a bad username, but as long as the username exists, any password is being accepted.

clags
OpenVpn Newbie
Posts: 4
Joined: Tue Jan 28, 2020 7:39 pm

Re: OpenVPN access server is letting any password auth

Post by clags » Thu Feb 13, 2020 1:13 pm

Update - The support team for access server got back to me, this is a bug in 2.8 that is letting any user bind to LDAP. Suggested reverting to 2.7 until a fix is released.

Post Reply