Authentication Bypass Vulnerability in login_radius on OpenBSD

Authentication Bypass Vulnerability in login_radius on OpenBSD

CVE-2004-2163 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Learn more about our Cis Benchmark Audit For Server Software.