CVE-2004-2163
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2004
Last modified:
11/07/2017
Description
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
- http://secunia.com/advisories/12617
- http://www.openbsd.org/errata35.html#radius
- http://www.osvdb.org/10203
- http://www.reseau.nl/advisories/0400-openbsd-radius.txt
- http://www.securityfocus.com/bid/11227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17456