- cross-posted to:
- openbsd@lemmy.ml
- cross-posted to:
- openbsd@lemmy.ml
OpenBSD’s sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely. The vulnerability was introduced in 1999 and survived for 27 years before being fixed.
You must log in or register to comment.

