{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-3761","assignerOrgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","state":"PUBLISHED","assignerShortName":"OpenVPN","dateReserved":"2022-10-31T07:38:29.762Z","datePublished":"2023-10-17T12:10:36.100Z","dateUpdated":"2024-08-03T01:20:57.580Z"},"containers":{"cna":{"affected":[{"vendor":"OpenVPN Inc","product":"OpenVPN Connect","platforms":["Windows","MacOS"],"versions":[{"status":"affected","version":"until 3.4.0.4506","lessThan":"3.4.0.4506","versionType":"macOS"},{"status":"affected","version":"until 3.4.0.3100","lessThan":"3.4.0.3100","versionType":"Windows"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials"}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","type":"CWE"}]}],"providerMetadata":{"orgId":"36a55730-e66d-4d39-8ca6-3c3b3017965e","shortName":"OpenVPN","dateUpdated":"2023-10-17T12:10:36.100Z"},"references":[{"url":"https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/"},{"url":"https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:20:57.580Z"},"title":"CVE Program Container","references":[{"url":"https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/","tags":["x_transferred"]},{"url":"https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/","tags":["x_transferred"]}]}]}}