← back
CVE-2004-2163

CVE-2004-2163

EPSS 1.7%
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.htmlhttp://secunia.com/advisories/12617https://exchange.xforce.ibmcloud.com/vulnerabilities/17456http://www.openbsd.org/errata35.html#radiushttp://www.osvdb.org/10203http://www.reseau.nl/advisories/0400-openbsd-radius.txthttp://www.securityfocus.com/bid/11227