A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack Β· Argus Blog β
#OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely.
The #vulnerability was introduced in 1999 and survived for 27 years before being fixed..
#OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely.
The #vulnerability was introduced in 1999 and survived for 27 years before being fixed..