ID

VAR-200412-0422


CVE

CVE-2004-2163


TITLE

OpenBSD Radius Authentication Bypass Vulnerability

Trust: 0.9

sources: BID: 11227 // CNNVD: CNNVD-200412-796

DESCRIPTION

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. OpenBSD is reported prone to an authentication bypass vulnerability when using RADIUS authentication. The issue arises if an OpenBSD computer is configured to use RADIUS authentication; an attacker who can spoof traffic on the vulnerable network and carry out a man-in-the-middle attack can leverage it to gain unauthorized access to that computer. The vulnerability is confirmed in OpenBSD 3.2 and OpenBSD 3.5. Other versions may be vulnerable as well.

Trust: 1.17

sources: NVD: CVE-2004-2163 // BID: 11227

AFFECTED PRODUCTS

vendor: openbsd, model: openbsd, scope: eq, version: 3.5

Trust: 1.9

vendor: openbsd, model: openbsd, scope: eq, version: 3.4

Trust: 1.9

vendor: openbsd, model: openbsd, scope: eq, version: 3.2

Trust: 1.9

vendor: f5, model: big-ip, scope: eq, version: 4.6.2

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.6

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.5.10

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.5.9

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.5.6

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.5

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.4

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.3

Trust: 0.3

vendor: f5, model: big-ip, scope: eq, version: 4.2

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.6.2

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.6

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.5

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.4

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.3

Trust: 0.3

vendor: f5, model: 3-dns, scope: eq, version: 4.2

Trust: 0.3

vendor: f5, model: big-ip, scope: ne, version: 4.6.3

Trust: 0.3

vendor: f5, model: big-ip, scope: ne, version: 4.5.11

Trust: 0.3

vendor: f5, model: 3-dns, scope: ne, version: 4.6.3

Trust: 0.3

vendor: f5, model: 3-dns, scope: ne, version: 4.5.11

Trust: 0.3

sources: BID: 11227 // CNNVD: CNNVD-200412-796 // NVD: CVE-2004-2163

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-2163
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-796
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2004-2163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CVSSV3

sources: CNNVD: CNNVD-200412-796 // NVD: CVE-2004-2163

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-796

TYPE

Design Error

Trust: 0.9

sources: BID: 11227 // CNNVD: CNNVD-200412-796

EXTERNAL IDS

db: BID, id: 11227

Trust: 1.9

db: OSVDB, id: 10203

Trust: 1.6

db: NVD, id: CVE-2004-2163

Trust: 1.6

db: SECUNIA, id: 12617

Trust: 1.6

db: VULNWATCH, id: 20040921 OPENBSD RADIUS AUTHENTICATION VULNERABILITY

Trust: 0.6

db: XF, id: 17456

Trust: 0.6

db: CNNVD, id: CNNVD-200412-796

Trust: 0.6

sources: BID: 11227 // CNNVD: CNNVD-200412-796 // NVD: CVE-2004-2163

REFERENCES

url:http://www.reseau.nl/advisories/0400-openbsd-radius.txt

Trust: 1.9

url:http://www.securityfocus.com/bid/11227

Trust: 1.6

url:http://www.openbsd.org/errata35.html#radius

Trust: 1.6

url:http://secunia.com/advisories/12617

Trust: 1.6

url:http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0058.html

Trust: 1.6

url:http://www.osvdb.org/10203

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17456

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/17456

Trust: 0.6

url:http://www.f5.com/f5products/bigip/

Trust: 0.3

url:http://www.openbsd.org

Trust: 0.3

sources: BID: 11227 // CNNVD: CNNVD-200412-796 // NVD: CVE-2004-2163

CREDITS

This issue was disclosed by Eilko Bos.

Trust: 0.9

sources: BID: 11227 // CNNVD: CNNVD-200412-796

SOURCES

db: BID, id: 11227
db: CNNVD, id: CNNVD-200412-796
db: NVD, id: CVE-2004-2163

LAST UPDATE DATE

2024-08-14T14:08:57.452000+00:00


SOURCES UPDATE DATE

db: BID, id: 11227, date: 2004-09-21T00:00:00
db: CNNVD, id: CNNVD-200412-796, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-2163, date: 2017-07-11T01:31:40.827

SOURCES RELEASE DATE

db: BID, id: 11227, date: 2004-09-21T00:00:00
db: CNNVD, id: CNNVD-200412-796, date: 2004-12-31T00:00:00
db: NVD, id: CVE-2004-2163, date: 2004-12-31T05:00:00