{"id":"CVE-2005-2531","details":"OpenVPN before 2.0.1, when running with \"verb 0\" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.","modified":"2025-08-09T19:01:28Z","published":"2005-08-24T04:00:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/16463"},{"type":"ADVISORY","url":"http://secunia.com/advisories/17103"},{"type":"ADVISORY","url":"http://www.debian.org/security/2005/dsa-851"},{"type":"FIX","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2005:145"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2005_20_sr.html"},{"type":"WEB","url":"http://openvpn.net/changelog.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/14605"}],"schema_version":"1.7.3"}