Hi,
I am running the openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release 7.9.2009 (Core).
#cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) # rpm -qa |grep ssh openssh-server-7.4p1-21.el7.x86_64 libssh2-1.8.0-4.el7.x86_64 openssh-7.4p1-21.el7.x86_64 openssh-clients-7.4p1-21.el7.x86_64
While invoking the Vulnerability Assessment and Penetration Testing (VAPT) scan, we are encountering the below vulnerability.
OPIE w/ OpenSSH Account Enumeration The remote host is susceptible to an
information disclosure attack. CVE-2007-2768 A patch currently does not exist for this issue. As a workaround, ensure that OPIE for PAM is not installed. Version source : SSH-2.0-OpenSSH_7.4 Installed version : 7.4 https://seclists.org/fulldisclosure/2007/Apr/634
Any help will be highly appreciated. Thanks in Advance. Please let me know if you need any additional information.
Best Regards,
Kaushal -