icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

OpenSSH < 4.1.0p2 / 4.2 Timing Attack

Low

Synopsis

The remote host discloses information regarding the availability of user accounts.

Description

The remote host is running a version of OpenSSH that is vulnerable to a flaw in the way that it handles authentication requests. Specifically, OpenSSH is alleged to vary response time based on the complexity (or availability) of the user password. An account that had no password would elicit a quicker SSH response than an account that had a defined password. An attacker exploiting this flaw would be able to determine local accounts that had passwords. This information would be useful in other more complex attacks.

Note: PVS has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.

Solution

Upgrade to version 4.2, 4.1.0p2 or higher.