CVE-2007-2768

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

History

01 Apr 2021, 15:32

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-200
References (CONFIRM) https://security.netapp.com/advisory/ntap-20191107-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20191107-0002/ - Third Party Advisory
References (OSVDB) http://www.osvdb.org/34601 - (OSVDB) http://www.osvdb.org/34601 - Broken Link
References (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html - (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html - Broken Link

Information

Published : 2007-05-21 20:30

Updated : 2023-12-10 10:40


NVD link : CVE-2007-2768

Mitre link : CVE-2007-2768

CVE.ORG link : CVE-2007-2768


JSON object : View

Products Affected

netapp

  • hci_storage_node
  • steelstore_cloud_integrated_storage
  • hci_management_node
  • solidfire

openbsd

  • openssh
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor