ID CVE-2007-2768
Summary OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 07-11-2019 - 10:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
confirm https://security.netapp.com/advisory/ntap-20191107-0002/
fulldisc 20070424 Re: OpenSSH - System Account Enumeration if S/Key is used
osvdb 34601
statements via4
contributor Mark J Cox
lastmodified 2007-05-23
organization Red Hat
statement Not vulnerable. OPIE for PAM is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 07-11-2019 - 10:15
Published 21-05-2007 - 20:30
Last modified 07-11-2019 - 10:15