Vulnerabilities > CVE-2004-2163 - Unspecified vulnerability in Openbsd 3.2/3.4/3.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

openbsd

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Vulnerable Configurations

Part	Description	Count
OS	Openbsd Openbsd Openbsd 3.2 Openbsd Openbsd 3.5 Openbsd Openbsd 3.4	3

References

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
http://secunia.com/advisories/12617
http://secunia.com/advisories/12617
http://www.openbsd.org/errata35.html#radius
http://www.openbsd.org/errata35.html#radius
http://www.osvdb.org/10203
http://www.osvdb.org/10203
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
http://www.securityfocus.com/bid/11227
http://www.securityfocus.com/bid/11227
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456