CVE-2004-2163

2005-07-1004:00:00

mitre

www.cve.org

AI Score

Confidence

Low

EPSS

0.007

Percentile

79.6%

JSON

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

References

archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html

secunia.com/advisories/12617

www.openbsd.org/errata35.html#radius

www.osvdb.org/10203

www.reseau.nl/advisories/0400-openbsd-radius.txt

www.securityfocus.com/bid/11227

exchange.xforce.ibmcloud.com/vulnerabilities/17456