OpenBSD devs patch authentication bypass bug
1 min read
Dec 06, 2019
Are you an OpenBSD user? OpenBSD, one of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability. Learn more:
OpenBSD allowed people access to its smtpd, ldapd, and radiusd programs – which send mail, allow access to user directories, and allow remote access to the computer system. All an attacker needed to do was enter a specific word prefixed by a hyphen as a username.
Qualys Research Labsfoundfour bugs in BSD Authentication, which is the code that OpenBSD uses to authenticate users. Three of them were local privilege escalation bugs, while the other,CVE-2019-19521, bypassed the authentication system altogether. According to its security advisory, BSD Authentication supports four authentication styles: password, a one-time password mechanism called S/Key, and Yubico’s YubiKey hardware token.
The link for this article located at Naked Security is no longer available.
Related Articles
1 - 0 min read
Do I Need Antivirus as a Linux User?
1 - 0 min read
Linux xz/liblzma Utility Backdoor Risks SSH Compromise
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
1 - 0 min read
RunC Container Escape Flaws Grant Attackers Host Access
1 - 0 min read
Hackers' Backdoor: Warning of New Linux Kernel Vulnerability
