Vulnerabilities > CVE-2004-2163 - Authentication Bypass vulnerability in Openbsd 3.2/3.4/3.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

openbsd

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Vulnerable Configurations

Part	Description	Count
OS	Openbsd Openbsd Openbsd 3.2 Openbsd Openbsd 3.4 Openbsd Openbsd 3.5	3

References

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
http://secunia.com/advisories/12617
http://www.openbsd.org/errata35.html#radius
http://www.osvdb.org/10203
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
http://www.securityfocus.com/bid/11227
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456