7.5

CVE-2004-2163

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenbsd Version3.2
OpenbsdOpenbsd Version3.4
OpenbsdOpenbsd Version3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html
Vendor Advisory
http://secunia.com/advisories/12617
Patch
Vendor Advisory
http://www.openbsd.org/errata35.html#radius
Patch
http://www.osvdb.org/10203
http://www.reseau.nl/advisories/0400-openbsd-radius.txt
Patch
Vendor Advisory
http://www.securityfocus.com/bid/11227
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/17456