CVE-2006-2229 [Medium] | Information Disclosure in Openvpn

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.03%	1.35%	+0.32%
2	2026-06-11	0.88%	1.03%	+0.15%
3	2025-03-17	—	0.88%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.03%

1.35%

+0.32%

2026-06-11

0.88%

1.03%

+0.15%

2025-03-17

—

0.88%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.0	2.0	MEDIUM	`AV:N/AC:H/Au:N/C:P/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	4.9	4.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.0

2.0

MEDIUM

AV:N/AC:H/Au:N/C:P/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

4.9

[email protected]

Affected software / configurations for CVE-2006-2229

Vendor	Product	Version	Raw CPE
openvpn	openvpn	2.0	cpe:2.3:a:openvpn:openvpn:2.0:::::::*
openvpn	openvpn	2.0.1_rc1	cpe:2.3:a:openvpn:openvpn:2.0.1_rc1:::::::*
openvpn	openvpn	2.0.1_rc2	cpe:2.3:a:openvpn:openvpn:2.0.1_rc2:::::::*
openvpn	openvpn	2.0.1_rc3	cpe:2.3:a:openvpn:openvpn:2.0.1_rc3:::::::*
openvpn	openvpn	2.0.1_rc4	cpe:2.3:a:openvpn:openvpn:2.0.1_rc4:::::::*
openvpn	openvpn	2.0.1_rc5	cpe:2.3:a:openvpn:openvpn:2.0.1_rc5:::::::*
openvpn	openvpn	2.0.1_rc6	cpe:2.3:a:openvpn:openvpn:2.0.1_rc6:::::::*
openvpn	openvpn	2.0.1_rc7	cpe:2.3:a:openvpn:openvpn:2.0.1_rc7:::::::*
openvpn	openvpn	2.0.2_rc1	cpe:2.3:a:openvpn:openvpn:2.0.2_rc1:::::::*
openvpn	openvpn	2.0.3_rc1	cpe:2.3:a:openvpn:openvpn:2.0.3_rc1:::::::*
openvpn	openvpn	2.0.4	cpe:2.3:a:openvpn:openvpn:2.0.4:::::::*
openvpn	openvpn	2.0.6_rc1	cpe:2.3:a:openvpn:openvpn:2.0.6_rc1:::::::*
openvpn	openvpn	2.0_beta1	cpe:2.3:a:openvpn:openvpn:2.0_beta1:::::::*
openvpn	openvpn	2.0_beta2	cpe:2.3:a:openvpn:openvpn:2.0_beta2:::::::*
openvpn	openvpn	2.0_beta3	cpe:2.3:a:openvpn:openvpn:2.0_beta3:::::::*
openvpn	openvpn	2.0_beta4	cpe:2.3:a:openvpn:openvpn:2.0_beta4:::::::*
openvpn	openvpn	2.0_beta5	cpe:2.3:a:openvpn:openvpn:2.0_beta5:::::::*
openvpn	openvpn	2.0_beta6	cpe:2.3:a:openvpn:openvpn:2.0_beta6:::::::*
openvpn	openvpn	2.0_beta7	cpe:2.3:a:openvpn:openvpn:2.0_beta7:::::::*
openvpn	openvpn	2.0_beta8	cpe:2.3:a:openvpn:openvpn:2.0_beta8:::::::*
openvpn	openvpn	2.0_beta9	cpe:2.3:a:openvpn:openvpn:2.0_beta9:::::::*
openvpn	openvpn	2.0_beta10	cpe:2.3:a:openvpn:openvpn:2.0_beta10:::::::*
openvpn	openvpn	2.0_beta11	cpe:2.3:a:openvpn:openvpn:2.0_beta11:::::::*
openvpn	openvpn	2.0_beta12	cpe:2.3:a:openvpn:openvpn:2.0_beta12:::::::*
openvpn	openvpn	2.0_beta13	cpe:2.3:a:openvpn:openvpn:2.0_beta13:::::::*
openvpn	openvpn	2.0_beta15	cpe:2.3:a:openvpn:openvpn:2.0_beta15:::::::*
openvpn	openvpn	2.0_beta16	cpe:2.3:a:openvpn:openvpn:2.0_beta16:::::::*
openvpn	openvpn	2.0_beta17	cpe:2.3:a:openvpn:openvpn:2.0_beta17:::::::*
openvpn	openvpn	2.0_beta18	cpe:2.3:a:openvpn:openvpn:2.0_beta18:::::::*
openvpn	openvpn	2.0_beta19	cpe:2.3:a:openvpn:openvpn:2.0_beta19:::::::*
openvpn	openvpn	2.0_beta20	cpe:2.3:a:openvpn:openvpn:2.0_beta20:::::::*
openvpn	openvpn	2.0_beta28	cpe:2.3:a:openvpn:openvpn:2.0_beta28:::::::*
openvpn	openvpn	2.0_rc1	cpe:2.3:a:openvpn:openvpn:2.0_rc1:::::::*
openvpn	openvpn	2.0_rc2	cpe:2.3:a:openvpn:openvpn:2.0_rc2:::::::*
openvpn	openvpn	2.0_rc3	cpe:2.3:a:openvpn:openvpn:2.0_rc3:::::::*
openvpn	openvpn	2.0_rc4	cpe:2.3:a:openvpn:openvpn:2.0_rc4:::::::*
openvpn	openvpn	2.0_rc5	cpe:2.3:a:openvpn:openvpn:2.0_rc5:::::::*
openvpn	openvpn	2.0_rc6	cpe:2.3:a:openvpn:openvpn:2.0_rc6:::::::*
openvpn	openvpn	2.0_rc7	cpe:2.3:a:openvpn:openvpn:2.0_rc7:::::::*
openvpn	openvpn	2.0_rc8	cpe:2.3:a:openvpn:openvpn:2.0_rc8:::::::*
openvpn	openvpn	2.0_rc9	cpe:2.3:a:openvpn:openvpn:2.0_rc9:::::::*
openvpn	openvpn	2.0_rc10	cpe:2.3:a:openvpn:openvpn:2.0_rc10:::::::*
openvpn	openvpn	2.0_rc11	cpe:2.3:a:openvpn:openvpn:2.0_rc11:::::::*
openvpn	openvpn	2.0_rc12	cpe:2.3:a:openvpn:openvpn:2.0_rc12:::::::*
openvpn	openvpn	2.0_rc13	cpe:2.3:a:openvpn:openvpn:2.0_rc13:::::::*
openvpn	openvpn	2.0_rc14	cpe:2.3:a:openvpn:openvpn:2.0_rc14:::::::*
openvpn	openvpn	2.0_rc15	cpe:2.3:a:openvpn:openvpn:2.0_rc15:::::::*
openvpn	openvpn	2.0_rc16	cpe:2.3:a:openvpn:openvpn:2.0_rc16:::::::*
openvpn	openvpn	2.0_rc17	cpe:2.3:a:openvpn:openvpn:2.0_rc17:::::::*
openvpn	openvpn	2.0_rc18	cpe:2.3:a:openvpn:openvpn:2.0_rc18:::::::*
openvpn	openvpn	2.0_rc19	cpe:2.3:a:openvpn:openvpn:2.0_rc19:::::::*
openvpn	openvpn	2.0_rc20	cpe:2.3:a:openvpn:openvpn:2.0_rc20:::::::*
openvpn	openvpn	2.0_rc21	cpe:2.3:a:openvpn:openvpn:2.0_rc21:::::::*
openvpn	openvpn	2.0_test1	cpe:2.3:a:openvpn:openvpn:2.0_test1:::::::*
openvpn	openvpn	2.0_test2	cpe:2.3:a:openvpn:openvpn:2.0_test2:::::::*
openvpn	openvpn	2.0_test3	cpe:2.3:a:openvpn:openvpn:2.0_test3:::::::*
openvpn	openvpn	2.0_test4	cpe:2.3:a:openvpn:openvpn:2.0_test4:::::::*
openvpn	openvpn	2.0_test5	cpe:2.3:a:openvpn:openvpn:2.0_test5:::::::*
openvpn	openvpn	2.0_test6	cpe:2.3:a:openvpn:openvpn:2.0_test6:::::::*
openvpn	openvpn	2.0_test7	cpe:2.3:a:openvpn:openvpn:2.0_test7:::::::*
openvpn	openvpn	2.0_test8	cpe:2.3:a:openvpn:openvpn:2.0_test8:::::::*
openvpn	openvpn	2.0_test9	cpe:2.3:a:openvpn:openvpn:2.0_test9:::::::*
openvpn	openvpn	2.0_test10	cpe:2.3:a:openvpn:openvpn:2.0_test10:::::::*
openvpn	openvpn	2.0_test11	cpe:2.3:a:openvpn:openvpn:2.0_test11:::::::*
openvpn	openvpn	2.0_test12	cpe:2.3:a:openvpn:openvpn:2.0_test12:::::::*
openvpn	openvpn	2.0_test14	cpe:2.3:a:openvpn:openvpn:2.0_test14:::::::*
openvpn	openvpn	2.0_test15	cpe:2.3:a:openvpn:openvpn:2.0_test15:::::::*
openvpn	openvpn	2.0_test16	cpe:2.3:a:openvpn:openvpn:2.0_test16:::::::*
openvpn	openvpn	2.0_test17	cpe:2.3:a:openvpn:openvpn:2.0_test17:::::::*
openvpn	openvpn	2.0_test18	cpe:2.3:a:openvpn:openvpn:2.0_test18:::::::*
openvpn	openvpn	2.0_test19	cpe:2.3:a:openvpn:openvpn:2.0_test19:::::::*
openvpn	openvpn	2.0_test20	cpe:2.3:a:openvpn:openvpn:2.0_test20:::::::*
openvpn	openvpn	2.0_test21	cpe:2.3:a:openvpn:openvpn:2.0_test21:::::::*
openvpn	openvpn	2.0_test22	cpe:2.3:a:openvpn:openvpn:2.0_test22:::::::*
openvpn	openvpn	2.0_test23	cpe:2.3:a:openvpn:openvpn:2.0_test23:::::::*
openvpn	openvpn	2.0_test24	cpe:2.3:a:openvpn:openvpn:2.0_test24:::::::*
openvpn	openvpn	2.0_test25	cpe:2.3:a:openvpn:openvpn:2.0_test25:::::::*
openvpn	openvpn	2.0_test26	cpe:2.3:a:openvpn:openvpn:2.0_test26:::::::*
openvpn	openvpn	2.0_test27	cpe:2.3:a:openvpn:openvpn:2.0_test27:::::::*
openvpn	openvpn	2.0_test29	cpe:2.3:a:openvpn:openvpn:2.0_test29:::::::*

References for CVE-2006-2229

URL	Tags
http://openvpn.net/man.html
http://www.osvdb.org/25660
http://www.securityfocus.com/archive/1/432863/100/0/threaded
http://www.securityfocus.com/archive/1/432867/100/0/threaded
http://www.securityfocus.com/archive/1/433000/100/0/threaded

URL

CVE-2006-2229

Exploit prediction scoring system (EPSS) score for CVE-2006-2229

Common vulnerability scoring system (CVSS) metrics for CVE-2006-2229

Weakness enumeration for CVE-2006-2229

Affected software / configurations for CVE-2006-2229

References for CVE-2006-2229