CVE-2007-2768
OpenSSH - User Enumeration via OPIE PAM Response Discrepancy
Title source: llmDescription
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
References (3)
Core 3
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/34601
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191107-0002/
Scores
EPSS
0.0019
EPSS Percentile
40.4%
Details
CWE
CWE-200
Status
published
Products (5)
netapp/hci_management_node
netapp/hci_storage_node
netapp/solidfire
netapp/steelstore_cloud_integrated_storage
openbsd/openssh
Published
May 21, 2007
Tracked Since
Feb 18, 2026