Portable OpenSSH < 3.6.1p2 PAM Timing Side-Channel Weakness
Low Nessus Network Monitor Plugin ID 1984
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote host is using a version of Portable OpenSSH that may allow an attacker to determine if an account exists or not by a timing analysis.
SolutionUpgrade to OpenSSH-portable 3.6.1p2 or higher.