PT-2001-2573 · Opie · One-Time Passwords In Everything
Published
2001-12-31
·
Updated
2024-02-14
·
CVE-2001-1483
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
One-Time Passwords In Everything (a.k.a OPIE) versions 2.32 through 2.4
Description
The issue allows remote attackers to determine the existence of user accounts. This is achieved by the system printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
Recommendations
For One-Time Passwords In Everything (a.k.a OPIE) versions 2.32 through 2.4, consider implementing additional authentication measures to prevent attackers from determining user account existence. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
One-Time Passwords In Everything