I have searched and found that the CVE was recognized by OC in the following entry.
However, in the above entry, it only mentioned that “The enumeration mitigation is now properly enforced.”, but it didn’t mention how should the mitigation be enforced on an OC 10.7 server.
Would anyone please share more info. regarding the CVE? Perhaps it had already been fixed in the latest 10.7 release?
Thanks alfredb for your reply.
As the current “production build” was still 10.7 (10.8 is tagged as stable, but not production), is there any workaround available for to mitigate the risk without upgrading to 10.8?
Thanks!