OpenBSD has been found vulnerable to four new high-severity security vulnerabilities. One vulnerability is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users. The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for OpenBSD 6.5 and 6.6 just yesterday.
Source: https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html