Hi,
I am running the openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
7.9.2009 (Core).
#cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# rpm -qa |grep ssh
openssh-server-7.4p1-21.el7.x86_64
libssh2-1.8.0-4.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
While invoking the Vulnerability Assessment and Penetration Testing (VAPT)
scan, we are encountering the below vulnerability.
OPIE w/ OpenSSH Account Enumeration The remote host is susceptible to an
> information disclosure attack. CVE-2007-2768 A patch currently does not
> exist for this issue. As a workaround, ensure that OPIE for PAM is not
> installed.
> Version source : SSH-2.0-OpenSSH_7.4
> Installed version : 7.4
> https://seclists.org/fulldisclosure/2007/Apr/634
Any help will be highly appreciated. Thanks in Advance. Please let me know
if you need any additional information.
Best Regards,
Kaushal
-
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
