CVE-2019-19521

libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Configurations

Configuration 1 (hide)

cpe:2.3:o:openbsd:openbsd:6.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-05 00:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-19521

Mitre link : CVE-2019-19521

CVE.ORG link : CVE-2019-19521


JSON object : View

Products Affected

openbsd

  • openbsd
CWE
CWE-287

Improper Authentication