AZL-6778

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6778.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-6778

Upstream

CVE-2007-2768

Published

2007-05-21T20:30:00Z

Modified

2026-04-21T04:38:15.948261Z

Summary

CVE-2007-2768 affecting package openssh for versions less than 8.8p1-2

Details

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

References

https://nvd.nist.gov/vuln/detail/CVE-2007-2768

Affected packages

Azure Linux:2 / openssh

Package

Name: openssh
Purl: pkg:rpm/azure-linux/openssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.8p1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6778.json"