login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote malicious users to bypass authentication by spoofing server replies.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openbsd 3.2 |
||
openbsd openbsd 3.4 |
||
openbsd openbsd 3.5 |