login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2004-2155 | login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-08T01:15:01.629Z
Reserved: 2005-07-10T00:00:00
Link: CVE-2004-2163

No data.

Status : Deferred
Published: 2004-12-31T05:00:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2004-2163

No data.

No data.