CVE-2007-2768 | OpenBSD OpenSSH User Account information disclosure (XFDB-34490 / 17705)

By Max On Jul 14, 2021


CVSS Meta Temp Score: 5.3

CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.

Current Exploit Price (≈): $5k-$25k

Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.

CTI Interest Score: 0.38

Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.

A vulnerability was found in OpenBSD OpenSSH (Connectivity Software) (affected version not known) and classified as problematic. Affected by this issue is some unknown processing of the component User Account. The manipulation with an unknown input leads to an information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.

The weakness was released 04/25/2007 by Stanislaw Klekot (Website). The advisory is shared for download at archives.neohapsis.com. This vulnerability is handled as CVE-2007-2768 since 05/21/2007. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 07/14/2021).

The vulnerability scanner Nessus provides a plugin with the ID 17705 (OPIE w/ OpenSSH Account Enumeration), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc.

No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the databases at X-Force (34490), Vulnerability Center (SBV-33987) and Tenable (17705).

Type

  • Connectivity Software

Vendor

  • OpenBSD

Name

  • OpenSSH

VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.3

VulDB Base Score: 5.3
VulDB Temp Score: 5.3

Class: Information disclosure
CWE: CWE-200
ATT&CK: Unknown

Local: No
Remote: Yes

Status: Not defined


Nessus ID: 17705
Nessus Name: OPIE w/ OpenSSH Account Enumeration

Recommended: no mitigation known

04/25/2007
05/04/2007 +9 days
05/21/2007 +16 days
05/21/2007 +0 days
05/21/2007 +0 days
11/18/2011 +1642 days
12/06/2011 +18 days
03/13/2015 +1193 days
02/26/2017 +716 days
07/14/2021 +1599 days

Vendor: https://www.openbsd.org/

Advisory: archives.neohapsis.com
Researcher: Stanislaw Klekot
Status: Not defined

CVE: CVE-2007-2768
X-Force: 34490
Vulnerability Center: 33987 – OpenSSH when Using OPIE for PAM Remote Disclosure of User Accounts Existence, Low
OSVDB: 34601 – OPIE w/ OpenSSH Account Enumeration

Created: 03/13/2015 14:56
Updated: 07/14/2021 20:11
Changes: (1) source_nessus_risk