Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-2163
Last Modified 05 Sep 2008 04:43:22
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2163

Summary

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Vulnerable Systems

Operating System

  • OpenBSD 3.2
  • OpenBSD 3.4
  • OpenBSD 3.5


References

BID - 11227

MISC - http://www.reseau.nl/advisories/0400-openbsd-radius.txt

CONFIRM - http://www.openbsd.org/errata35.html#radius

SECUNIA - 12617

XF - openbsd-radius-auth-bypass(17456)

VULNWATCH - 20040921 OpenBSD radius authentication vulnerability

OSVDB - 10203


Last Updated: 27 May 2016 10:39:22