A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack
-
OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely. The vulnerability was introduced in 1999 and survived for 27 years before being fixed.
-
S sid77@infosec.exchange shared this topic
-
… The code originated from FreeBSD, which itself derived it from Cronyx Engineering Ltd.'s implementation written by Serge Vakulenko in 1994-1996. …
I assume that FreeBSD is not affected.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login