CVE-2004-2163
OpenBSD 3.2, 3.5 - Unauthenticated Authentication Bypass via RADIUS Shared Secret Spoofing
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
References (7)
Patch (x_refsource_confirm): http://www.openbsd.org/errata35.html#radius
Patch (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/11227
Vendor Advisory (mailing-list, x_refsource_vulnwatch): http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
Patch, Vendor Advisory (x_refsource_misc): http://www.reseau.nl/advisories/0400-openbsd-radius.txt
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/17456
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/10203
Patch, Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/12617
Scores
EPSS: 0.0115
EPSS Percentile: 78.8%
Details
Status: published
Products (3):
openbsd/openbsd 3.2
openbsd/openbsd 3.4
openbsd/openbsd 3.5
Published: Dec 31, 2004
Tracked Since: Feb 18, 2026