icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Portable OpenSSH < 3.6.1p2 PAM Timing Side-Channel Weakness

Low

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is using a version of Portable OpenSSH that may allow an attacker to determine if an account exists or not by a timing analysis.

Solution

Upgrade to OpenSSH-portable 3.6.1p2 or higher.