A critical authentication-bypass vulnerability lurking in OpenBSD’s synchronous PPP subsystem since 1999 has finally been patched, 27 years after the flawed code was first imported into the source tree. The bug, discovered in sppp_pap_input(), allowed an attacker to fully bypass PAP (Password Authentication Protocol) authentication by sending zero-length credential fields, gaining complete network access without knowing […]
The post 7-Year-Old OpenBSD Flaw Enables Complete PAP Authentication Bypass appeared first on Cyber Security News.