Unrated severityNVD Advisory· Published Dec 4, 2019· Updated Aug 5, 2024
CVE-2019-19521
CVE-2019-19521
Description
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenBSD/libcdescription
Patches
Vulnerability mechanics
References
7- packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Dec/14mitremailing-listx_refsource_FULLDISC
- www.openwall.com/lists/oss-security/2019/12/04/5mitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2019/12/04/6mitremailing-listx_refsource_MLIST
- seclists.org/bugtraq/2019/Dec/8mitremailing-listx_refsource_BUGTRAQ
- www.openbsd.org/errata66.htmlmitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2019/12/04/5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.