The vulnerability of the ObscureKeystrokeTiming() function in the SSH client of the OpenSSH cryptographic security tool allows a intruder to gain unauthorized access to protected information.

The vulnerability of the ObscureKeystrokeTiming function in the SSH client of the OpenSSH cryptographic security tool is related to synchronization errors when using a shared resource “Race Conditions”. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized...

USN-6887-1 openssh vulnerability

Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did not work as expected. A remote attacker could possibly use this issue to determine timing information about keystrokes...