https://hackingpassion.com/tags/pap/Recent content in PAP on HackingPassion.com : root@HackingPassion.com-[~]HugoenWed, 17 Jun 2026 12:55:58 +0200https://hackingpassion.com/openbsd-pap-empty-password-bypass/Wed, 17 Jun 2026 12:55:58 +0200https://hackingpassion.com/openbsd-pap-empty-password-bypass/<p>A 27-year-old flaw in <strong>OpenBSD</strong> let attackers bypass its <strong>PPP</strong> login with nothing more than an empty username and an empty password. Hand a vulnerable system a blank name and a blank password, and its own login check treated that as a perfect match and let the connection in.</p> <p>The problem sits in the part of OpenBSD that handles <strong>PPP</strong>, the protocol behind many DSL and fiber connections, usually carried through <strong>PPPoE</strong>. When two machines set up that kind of link, one side can ask the other to prove who it is. One of the older ways to do that is <strong>PAP</strong>, the Password Authentication Protocol. One machine sends a name and a password, the other checks them against what it has stored, and if they match the link comes up.</p>