Lucene search
MitreCVELIST:CVE-2019-19521HistoryDec 04, 2019 - 11:33 p.m.
CVE-2019-19521
2019-12-0423:33:35
mitre
www.cve.org
2
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
References
packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.html
seclists.org/fulldisclosure/2019/Dec/14
www.openwall.com/lists/oss-security/2019/12/04/5
www.openwall.com/lists/oss-security/2019/12/04/6
seclists.org/bugtraq/2019/Dec/8
www.openbsd.org/errata66.html
www.openwall.com/lists/oss-security/2019/12/04/5
Related
prion
prion
Authentication flaw
2019-12-05 00:15:00
threatpost
threatpost
Designing a Proactive Ransomware Playbook for Todayβs Threat Landscape
2021-11-11 19:29:44
Skype Glitch Allowed Android Authentication Bypass
2019-01-07 15:13:23
OpenBSD Hit with Authentication, LPE Bugs
2019-12-05 16:06:51
nvd
nvd
CVE-2019-19521
2019-12-05 00:15:11
cve
cve
CVE-2019-19521
2019-12-05 00:15:11
qualysblog
qualysblog
OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)
2019-12-12 00:49:45
OpenBSD Multiple Authentication Vulnerabilities
2019-12-05 02:34:59
packetstorm
packetstorm
thn
thn
Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
2019-12-05 11:31:00
nessus
nessus
OpenBSD 6.6 Multiple Authentication Bypass Vulnerabilities
2020-01-06 00:00:00