
CVE-2004-2163

Date: (C)2004-12-31   (M)2023-12-22


login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
OSVDB-10203
BID-11227
SECUNIA-12617
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
http://www.openbsd.org/errata35.html#radius
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
openbsd-radius-auth-bypass(17456)

CPE    3
cpe:/o:openbsd:openbsd:3.2
cpe:/o:openbsd:openbsd:3.4
cpe:/o:openbsd:openbsd:3.5

© SecPod Technologies