OpenSSH < 4.1.0p2 / 4.2 Timing Attack
Low Nessus Network Monitor Plugin ID 3787
Synopsis
The remote host discloses information regarding the availability of user accounts.
Description
The remote host is running a version of OpenSSH that is vulnerable to a flaw in the way it handles authentication requests. Specifically, OpenSSH is alleged to vary its response time based on the complexity (or availability) of the user password. An account with no password would elicit a quicker SSH response than an account with a defined password. An attacker exploiting this flaw would be able to determine which local accounts have passwords. This information would be useful in other, more complex attacks.
Note: PVS has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.
Solution
Upgrade to version 4.2, 4.1.0p2 or higher.
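
The banner-only check described in the note above can be reproduced for triage with the following added example, which is not the plugin's own logic. The verdict names and sample banners are constructed, and treating a trailing vendor string as a hint that a backported patch may be present is an assumption.

```python
import re

# First fixed release named in the Solution (4.1.0p2), as a comparable tuple.
# Assumption: a missing third component or "p" level counts as 0.
FIXED = (4, 1, 0, 2)

# RFC 4253 identification string: SSH-<proto>-<software>[ <comments>]
BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_(?P<maj>\d+)\.(?P<min>\d+)(?:\.(?P<pat>\d+))?"
    r"(?:p(?P<p>\d+))?(?P<rest>.*)$"
)

def classify_banner(banner):
    """Return (verdict, version_tuple) for one SSH identification string."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return ("not-openssh", None)
    ver = tuple(int(m[g] or 0) for g in ("maj", "min", "pat", "p"))
    if ver >= FIXED:
        return ("not-flagged", ver)
    # A vendor suffix after the version often marks a distribution build,
    # where a fix may have been backported without changing the version.
    if m["rest"].strip():
        return ("flagged-verify-backport", ver)
    return ("flagged", ver)

# Constructed sample banners, not captured from real hosts.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_3.9p1",
    "SSH-1.99-OpenSSH_4.1p1 Debian-7",
    "SSH-2.0-OpenSSH_4.1.0p2",
    "SSH-2.0-OpenSSH_4.2",
    "SSH-2.0-dropbear_0.46",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        verdict, ver = classify_banner(b)
        print(f"{verdict:24} {b}")
```

A `flagged-verify-backport` result should be confirmed against the package changelog on the host, since the banner alone cannot show whether the fix is present.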