GHSA-rrgf-j5xj-h9hcMediumCVSS 5.8
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass...
🔗 CVE IDs covered (1)
📋 Description
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-55706
- https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a72d3544131ad5cee7adf8
- https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
- https://blog.argus-systems.ai/blog/poc-001-pap-bypass.py
- https://www.openwall.com/lists/oss-security/2026/06/16/9
- https://github.com/advisories/GHSA-rrgf-j5xj-h9hc