OpenBSD Patches 27-Year-Old Remote Kernel Authentication Bypass Vulnerability

A security flaw in OpenBSD’s kernel PPP stack, present since its import from FreeBSD in July 1999, was recently discovered. The vulnerability allowed remote attackers to bypass authentication via a null-auth flaw and intercept PPPoE traffic without credentials. The issue remained unpatched across all OpenBSD releases for nearly 27 years until a fix was released.