Four Bugs including Authentication Bypass Flaw Found in OpenBSD

Last week, OpenBSD one of Linux based Operating System was found to have fad 4 vulnerabilities, which was found after research.One of the most important flaw found was the Authentication bypass vulnerability. It is also tracked as CVE-2019-19521, this authentication bypass vulnerability in the operating system.

If an attacker specifies a username in a specific format, the authentication could be forced because of the vulnerability.The security advisory says, “If an attacker specifies a username of the form "-option", they can influence the behavior of the authentication program in unexpected ways.”

Other bugs

Apart from this authentication bypass flaw, a local privilege escalation problem tracked as CVE-2019-19520 was also fixed. This flaw allowed attackers to obtain privileges of set-group-ID "auth" through xlock, if the attacker previously had local access to OpenBSD. The flaw is said to be because of a failed check in xlock.