A long-standing vulnerability in OpenBSD’s networking stack has been disclosed, revealing that attackers can bypass PAP authentication entirely due to a decades-old logic flaw. The issue resides in the sppp_pap_input() function within OpenBSD’s sppp(4) subsystem, which manages synchronous PPP links used in PPPoE connectivity. During the PPP authentication phase, systems relying on the Password Authentication Protocol (PAP) validate user […]
The post 27-Year-Old OpenBSD Vulnerability Allows Attackers to Bypass PAP Authentication Entirely appeared first on Cyber Security News.