OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability

OpenSSH-portable with PAM support enabled has been reported prone to an information-disclosure vulnerability under certain configurative circumstances.

By analyzing the response time during authentication, remote attackers may be able to determine whether or not the supplied username is valid.

This issue may be related to the issues described in BID 7342 and BID 7343. BID 11781 may also be pertinent; it describes an issue very similar to this one.


 

Privacy Statement
Copyright 2010, SecurityFocus