27 Years in the Dark: OpenBSD Fixes Ancient Remote Kernel Auth Bypass

News
Yanac

Absolutely wild find by Argus-Systems. A remote authentication bypass hiding in OpenBSD’s kernel PPP stack since it was imported from FreeBSD in July 1999. An attacker could essentially bypass authentication via a null-auth flaw and intercept/read PPPoE traffic without credentials. It survived every single release for nearly three decades until the patch. OpenBSD already released a patch. submitted by /u/Emergency_Stable_923 [link] [comments]Technical Information Security Content & DiscussionRead More