Authentication Bypass Vulnerability in OpenBSD 6.6 libc

Authentication Bypass Vulnerability in OpenBSD 6.6 libc

CVE-2019-19521 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).

Learn more about our User Device Pen Test.