login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01153
Percentile: 0.77606

CVSS Scoring

Affected Products

• cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
• cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*
• cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

← Back to Home