AI Score
Confidence
Low
EPSS
Percentile
79.6%
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
secunia.com/advisories/12617
www.openbsd.org/errata35.html#radius
www.osvdb.org/10203
www.reseau.nl/advisories/0400-openbsd-radius.txt
www.securityfocus.com/bid/11227
exchange.xforce.ibmcloud.com/vulnerabilities/17456