OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness

OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness

OpenSSH-Portable is prone to an information-disclosure weakness. The issue stems from a GSSAPI authentication abort.

Reportedly, attackers may leverage a GSSAPI authentication abort to determine the presence and validity of usernames on unspecified platforms.

This issue occurs when OpenSSH-Portable is configured to accept GSSAPI authentication.

OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.