OpenBSD login vulnerability that allows you to trivially bypass password. Has been there for some 18 odd years.
TL;DR didn’t sanitize usernames which could contain “-“ making them parse as options to the authentication program. Exploiting this, username “-schallenge:passwd” allowed silent auth bypass because the passwd backend doesn’t require a challenge.