VYPR

libc

by OpenBSD

CVEs (1)

  • CVE-2019-19521CriDec 5, 2019
    risk 0.64cvss 9.8epss 0.03

    libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).