It has been discovered that the OpenSSH daemon fails to disable terminal echoing when a user is required to renew an expired password. As a result, the cleartext password may be disclosed to an adversary in close physical proximity to the victim (or one who can otherwise observe terminal output). It is not yet known which versions of OpenSSH are vulnerable to this issue, although it has been confirmed that SuSE 7.0 through 7.3 are affected.
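The effect of the echo setting on a password prompt can be checked on a pseudo-terminal. The following is an added example, not OpenSSH code and not part of the original advisory: it runs a password-change prompt once with the terminal's ECHO flag set and once with it cleared, and returns what an onlooker would see on screen. The prompt text, the sample password and the function names are assumptions, and it expects a Linux-style pty.

```python
import os
import pty
import select
import termios

SECRET = b"hunter2\n"  # constructed sample input, not a real credential


def set_echo(fd, enabled):
    """Set or clear the ECHO local flag on the terminal behind fd."""
    attrs = termios.tcgetattr(fd)
    if enabled:
        attrs[3] |= termios.ECHO       # index 3 holds the local flags
    else:
        attrs[3] &= ~termios.ECHO
    termios.tcsetattr(fd, termios.TCSANOW, attrs)


def drain(fd, timeout=0.3):
    """Collect everything the terminal displayed until it goes quiet."""
    shown = b""
    while select.select([fd], [], [], timeout)[0]:
        shown += os.read(fd, 1024)
    return shown


def prompt_for_new_password(echo):
    """Run one password-change prompt on a fresh pty.

    Returns (line the program received, bytes an onlooker saw on screen).
    """
    master, slave = pty.openpty()
    try:
        set_echo(slave, echo)                # echo=True models the flawed prompt
        os.write(slave, b"New password: ")   # program prints its prompt
        os.write(master, SECRET)             # user types at the terminal
        received = os.read(slave, 1024)      # program reads the typed line
        return received, drain(master)
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    for echo in (True, False):
        _, shown = prompt_for_new_password(echo)
        print("echo on: " if echo else "echo off:", shown)
```

A prompt that handles secrets should also restore the saved terminal attributes once the password has been read, so that later input is echoed normally.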