VULHUB ™

A timing attack has been described in OpenSSH that could allow a remote user to determine if a username is valid. This information can be ascertained through analysis of the response time during authentication. It is currently not known whether this issue has been addressed in recent versions of OpenSSH. It is possible that other SSH implementations may also be affected, though this has not been confirmed.

A timing attack has been described in OpenSSH that could allow a remote user to determine if a username is valid. This information can be ascertained through analysis of the response time during authentication. It is currently not known whether this issue has been addressed in recent versions of OpenSSH. It is possible that other SSH implementations may also be affected, though this has not been confirmed.