Executive Summary

Name CVE-2007-2768 First vendor Publication 2007-05-21
Vendor Cve Last vendor Modification 2021-04-01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2768

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Application 1
Application 1
Application 1
Application 1
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
34601 OPIE w/ OpenSSH Account Enumeration

OPIE, as used in OpenSSH and possibly other programs, contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker systematically attempts authentication for a list of usernames, which will disclose the presence of valid accounts due to the way OPIE challenges for authentication.

Nessus® Vulnerability Scanner

Date Description
2011-11-18 Name : The remote host is susceptible to an information disclosure attack.
File : openssh_opie.nasl - Type : ACT_GATHER_INFO
2011-08-29 Name : The SSH service running on the remote host has an information disclosure vuln...
File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://security.netapp.com/advisory/ntap-20191107-0002/
FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html
OSVDB http://www.osvdb.org/34601

Alert History

If you want to see full details history, please login or register.
Date Informations
2021-05-04 12:05:56
  • Multiple Updates
2021-04-22 01:06:30
  • Multiple Updates
2021-04-01 21:23:06
  • Multiple Updates
2020-05-23 00:19:48
  • Multiple Updates
2016-06-28 16:31:00
  • Multiple Updates
2014-02-17 10:40:14
  • Multiple Updates
2013-05-11 10:26:09
  • Multiple Updates