10 matches found
K000141045: OpenSSH vulnerability CVE-2024-39894
Security Advisory Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. CVE-2024-39894 Impact There...
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g. for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly other timing attacks against keystroke entry could occur.
...
Fedora: Security Advisory (FEDORA-2024-dc89a2e1bf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-39894
A flaw was found in OpenSSH. A logic error in the SSH ObscureKeystrokeTiming feature on by default rendered this feature ineffective. A passive observer could still detect which network packets contained real keystrokes when the countermeasure was active because fake and real keystroke packets we...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
CVE-2024-39894
OpenSSH CVE-2024-39894 affects OpenSSH 9.5–9.7 (before 9.8). A logic error in the ObscureKeystrokeTiming feature can enable timing attacks on keystroke entry (e.g., echo-off password input for su and sudo) and potentially reveal keystrokes. Mitigation per linked advisories is to upgrade to OpenSS...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...