OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability

OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability

The portable version of OpenSSH is reported prone to an information-disclosure vulnerability. The portable version is distributed for operating systems other than its native OpenBSD platform.

This issue is related to BID 7467. Reportedly, the previous fix for BID 7467 didn't completely fix the issue. This current issue may involve differing code paths in PAM, resulting in a new vulnerability, but this has not been confirmed.

Exploiting this vulnerability allows remote attackers to test for the presence of valid usernames. Knowledge of usernames may aid them in further attacks.