CVE-2004-2163

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

Ссылки

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
Vendor Advisory
http://secunia.com/advisories/12617
Patch
Vendor Advisory
http://www.openbsd.org/errata35.html#radius
Patch
http://www.osvdb.org/10203
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
Patch
Vendor Advisory
http://www.securityfocus.com/bid/11227
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
Vendor Advisory
http://secunia.com/advisories/12617
Patch
Vendor Advisory
http://www.openbsd.org/errata35.html#radius
Patch
http://www.osvdb.org/10203
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
Patch
Vendor Advisory
http://www.securityfocus.com/bid/11227
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*

cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01153

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-vpvq-r8h3-q5hv

github

почти 4 года назад