OpenSSH-Portable Existing Password Remote Information Disclosure Weakness

info
discussion
exploit
solution
references

OpenSSH-Portable Existing Password Remote Information Disclosure Weakness

A proof-of-concept script is available.

Attackers can also manually verify the existence of this phenomenon by using a combination of a valid SSH client application and a packet-sniffing utility.

/data/vulnerabilities/exploits/sshtime.txt