Contributed by grey on from the catching up dept.
Eilko Bos reported that radius authentication, as implemented by login_radius(8), was not checking the shared secret used for replies sent by the radius server. This could allow an attacker to spoof a reply granting access to the attacker. Note that OpenBSD does not ship with radius authentication enabled.
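The check the advisory describes as missing, written here as an added Python example (not OpenBSD's login_radius code): a RADIUS client recomputes the RFC 2865 Response Authenticator, MD5(Code + ID + Length + RequestAuth + Attributes + Secret), before trusting an Access-Accept. The shared secret, request authenticator, attributes and packet identifier are constructed values; the forged reply stands for a reply from a host that does not know the secret.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3


def build_reply(code, ident, request_auth, attrs, secret):
    """Build a RADIUS reply whose Response Authenticator follows RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def reply_is_authentic(reply, request_auth, secret):
    """Recompute the Response Authenticator with the shared secret and compare it
    in constant time; a reply that fails this check must be discarded."""
    if len(reply) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def vulnerable_interpret_reply(reply):
    """The flawed behaviour: trust the Code field alone, never checking the secret."""
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(reply[0], "discard")


def interpret_reply(reply, request_auth, secret):
    """The fixed behaviour: only an authenticated reply may grant or deny access."""
    if not reply_is_authentic(reply, request_auth, secret):
        return "discard"
    return vulnerable_interpret_reply(reply)


# Constructed sample values; a real client picks a random 16-byte Request Authenticator.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
REPLY_MSG = bytes([18, 9]) + b"welcome"  # Reply-Message attribute, type 18, length 9
GENUINE_ACCEPT = build_reply(ACCESS_ACCEPT, 42, REQUEST_AUTH, REPLY_MSG, SECRET)
GENUINE_REJECT = build_reply(ACCESS_REJECT, 42, REQUEST_AUTH, b"", SECRET)
FORGED_ACCEPT = build_reply(ACCESS_ACCEPT, 42, REQUEST_AUTH, REPLY_MSG, b"wrong-guess")

if __name__ == "__main__":
    print("vulnerable client, forged reply:", vulnerable_interpret_reply(FORGED_ACCEPT))
    print("fixed client, forged reply:     ", interpret_reply(FORGED_ACCEPT, REQUEST_AUTH, SECRET))
    print("fixed client, genuine reply:    ", interpret_reply(GENUINE_ACCEPT, REQUEST_AUTH, SECRET))
```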
Patches are available for 3.5 and 3.4. As always, you can also find this information at http://www.openbsd.org/errata.html.