login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openbsd | Openbsd | 3.2 (including) | 3.2 (including) |
Openbsd | Openbsd | 3.4 (including) | 3.4 (including) |
Openbsd | Openbsd | 3.5 (including) | 3.5 (including) |