OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html | Broken Link |
http://www.osvdb.org/34601 | Broken Link |
https://security.netapp.com/advisory/ntap-20191107-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
01 Apr 2021, 15:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
|
CWE | CWE-200 | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191107-0002/ - Third Party Advisory | |
References | (OSVDB) http://www.osvdb.org/34601 - Broken Link | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html - Broken Link |
Information
Published : 2007-05-21 20:30
Updated : 2023-12-10 10:40
NVD link : CVE-2007-2768
Mitre link : CVE-2007-2768
CVE.ORG link : CVE-2007-2768
JSON object : View
Products Affected
netapp
- hci_storage_node
- steelstore_cloud_integrated_storage
- hci_management_node
- solidfire
openbsd
- openssh
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor