CVE-2023-32634

7.8 HIGH

📋 TL;DR

An authentication bypass vulnerability in SoftEther VPN allows local attackers to perform man-in-the-middle attacks against the CiRpcServerThread functionality. This could enable unauthorized access to VPN services without proper authentication. Affects SoftEther VPN users running vulnerable versions.

💻 Affected Systems

Products:
  • SoftEther VPN
Versions: 5.01.9674 and 4.41-9782-beta
Operating Systems: Windows, Linux, macOS, FreeBSD, Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of vulnerable versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains unauthorized access to VPN network, potentially compromising internal resources, intercepting traffic, or pivoting to other systems.

🟠 Likely Case

Local attacker bypasses authentication to access VPN services they shouldn't have access to, potentially exposing sensitive network traffic.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to isolated segments with detection of anomalous authentication attempts.

🌐 Internet-Facing: LOW (requires local access to the system)
🏢 Internal Only: HIGH (exploitable by any local user on the VPN server host)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to perform man-in-the-middle attack against the CiRpcServerThread functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.02 or later

Vendor Advisory: https://www.softether.org/9-about/News/904-SEVPN202301

Restart Required: Yes

Instructions:

1. Download latest version from SoftEther VPN website.
2. Stop VPN service.
3. Install update.
4. Restart VPN service.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local user access to VPN server systems to trusted administrators only.

Network Segmentation

all

Isolate VPN server from other critical systems to limit potential lateral movement.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local access to VPN servers
  • Monitor for unusual authentication patterns and local privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check SoftEther VPN version via management console or command line: vpncmd /tools /cmd:Version

Check Version:

vpncmd /tools /cmd:Version

Verify Fix Applied:

Verify version is 5.02 or later using same command and ensure no authentication bypass occurs in testing.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access
  • Unusual local user activity on VPN server

Network Indicators:

  • Unexpected RPC traffic patterns
  • Authentication bypass patterns in network traffic

SIEM Query:

source="softether-vpn" AND (event_type="auth_failure" OR event_type="auth_success") | stats count by user, src_ip
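
The query above only counts events per user and source; it does not express the "failed attempts followed by successful access" indicator. The following added example (not vendor or page code) implements that sequence check. The field names follow the query, while the `ts` field, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (not real SoftEther log output). Field names
# follow the SIEM query above; "ts" (epoch seconds) is an assumed field.
SAMPLE_EVENTS = [
    {"ts": 1000, "event_type": "auth_failure", "user": "alice", "src_ip": "127.0.0.1"},
    {"ts": 1010, "event_type": "auth_failure", "user": "alice", "src_ip": "127.0.0.1"},
    {"ts": 1020, "event_type": "auth_failure", "user": "alice", "src_ip": "127.0.0.1"},
    {"ts": 1030, "event_type": "auth_success", "user": "alice", "src_ip": "127.0.0.1"},
    {"ts": 1040, "event_type": "auth_failure", "user": "bob", "src_ip": "10.0.0.7"},
    {"ts": 1050, "event_type": "auth_success", "user": "bob", "src_ip": "10.0.0.7"},
    {"ts": 2000, "event_type": "auth_failure", "user": "carol", "src_ip": "10.0.0.9"},
    {"ts": 2005, "event_type": "auth_failure", "user": "carol", "src_ip": "10.0.0.9"},
    {"ts": 2010, "event_type": "auth_failure", "user": "carol", "src_ip": "10.0.0.9"},
    {"ts": 9000, "event_type": "auth_success", "user": "carol", "src_ip": "10.0.0.9"},
]


def failures_then_success(events, min_failures=3, window_s=300):
    """Return one alert per auth_success that follows at least `min_failures`
    auth_failure events for the same (user, src_ip) within `window_s` seconds.
    Both thresholds are assumed defaults; tune them to the environment."""
    recent = defaultdict(deque)  # (user, src_ip) -> recent failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src_ip"])
        fails = recent[key]
        # Drop failures that fell out of the look-back window.
        while fails and ev["ts"] - fails[0] > window_s:
            fails.popleft()
        if ev["event_type"] == "auth_failure":
            fails.append(ev["ts"])
        elif ev["event_type"] == "auth_success":
            if len(fails) >= min_failures:
                alerts.append({"user": key[0], "src_ip": key[1],
                               "failures": len(fails), "success_ts": ev["ts"]})
            fails.clear()  # a success resets the failure streak
    return alerts


if __name__ == "__main__":
    for alert in failures_then_success(SAMPLE_EVENTS):
        print(alert)
```

Because the issue requires local access, alerts whose source is the VPN server host itself deserve priority when correlating with the "unusual local user activity" indicator.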
