An authentication bypass and three local privilege-escalation (LPE) bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections.
The most severe of the vulnerabilities is the bypass (CVE-2019-19521), which is remotely exploitable.
OpenBSD uses BSD authentication, which enables the use of passwords, S/Key challenge-and-response authentication and Yubico YubiKey tokens. In each of these cases, to perform the authentication, the string “/usr/libexec/auth/login_style [-v name=value] [-s service] username class” is used. If an attacker specifies the username “-schallenge” (or “-schallenge:passwd,” the authentication is automatically successful and therefore bypassed.