OPIE w/ OpenSSH Account Enumeration

medium Nessus Plugin ID 17705
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote host is susceptible to an information disclosure attack.

Description

When using OPIE for PAM and OpenSSH, it is possible for remote attackers to determine the existence of certain user accounts.

Note that Nessus has not tried to exploit the issue, but rather only checked if OpenSSH is running on the remote host. As a result, it does not detect if the remote host actually has OPIE for PAM installed.

Solution

A patch currently does not exist for this issue. As a workaround, ensure that OPIE for PAM is not installed.

See Also

https://seclists.org/fulldisclosure/2007/Apr/634

Plugin Details

Severity: Medium

ID: 17705

File Name: openssh_opie.nasl

Version: 1.5

Type: remote

Family: Misc.

Published: 11/18/2011

Updated: 11/15/2018

Dependencies: ssh_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Required KB Items: Settings/PCI_DSS

Vulnerability Publication Date: 4/21/2007

Reference Information

CVE: CVE-2007-2768