Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.

The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users, respectively.

The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for OpenBSD 6.5 and OpenBSD 6.6 just yesterday—that's in less than 40 hours.


Here's a brief explanation of all four security vulnerabilities in OpenBSD—a free and open-source BSD-based Unix-like operating system—along with their assigned CVE identifiers

OpenBSD Authentication Bypass (CVE-2019-19521)


The authentication bypass vulnerability resides in the way OpenBSD's authentication framework parses the username supplied by a user while logging in through smtpd, ldapd, radiusd, su, or sshd services.

Using this flaw, a remote attacker can successfully access vulnerable services with any password just by entering the username as "-schallenge" or "-schallenge: passwd," and it works because a hyphen (-) before username tricks OpenBSD into interpreting the value as a command-line option and not as a username.


Here, OpenBSD's authentication framework interprets "-schallenge" as "-s challenge," which forces the system into silently ignoring the challenge protocol that e ..

Support the originator by clicking the read the rest link below.