A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack (blog.argus-systems.ai)
from hucste@lemmy.ml to openbsd@lemmy.ml on 17 Jun 08:58
https://lemmy.ml/post/48851823

OpenBSD’s sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely. The vulnerability was introduced in 1999 and survived for 27 years before being fixed.

#openbsd
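The flaw described in the post, reduced to a stand-alone C example that is added here and is not OpenBSD's code or its actual fix. The function names, the configured credentials and the upper-bound check are assumptions, and `memcmp` stands in for `bcmp`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the locally configured PAP credentials. */
static const char cfg_name[] = "peer";
static const char cfg_secret[] = "s3cret";

/* Pattern from the post: the lengths carried in the packet are used as the
 * comparison length. With length 0 the comparison looks at no bytes. */
int pap_check_vulnerable(const unsigned char *name, size_t name_len,
                         const unsigned char *pw, size_t pw_len)
{
    /* Assumed upper bound only, so the demo never reads past the config. */
    if (name_len > strlen(cfg_name) || pw_len > strlen(cfg_secret))
        return 0;
    return memcmp(name, cfg_name, name_len) == 0 &&
           memcmp(pw, cfg_secret, pw_len) == 0;
}

/* Comparison whose running time does not depend on where bytes differ. */
static int ct_equal(const unsigned char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ (unsigned char)b[i];
    return diff == 0;
}

/* Hardened form: the received lengths must equal the configured lengths
 * before any bytes are compared, so the peer cannot shrink the check. */
int pap_check_fixed(const unsigned char *name, size_t name_len,
                    const unsigned char *pw, size_t pw_len)
{
    if (name_len != strlen(cfg_name) || pw_len != strlen(cfg_secret))
        return 0;
    return ct_equal(name, cfg_name, name_len) &
           ct_equal(pw, cfg_secret, pw_len);
}

int main(void)
{
    const unsigned char empty[1] = {0};
    printf("vulnerable, zero-length fields: %d\n",
           pap_check_vulnerable(empty, 0, empty, 0));
    printf("fixed, zero-length fields: %d\n",
           pap_check_fixed(empty, 0, empty, 0));
    return 0;
}
```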
