Hi,
On 02.07.24 1:47 AM, Dominique Martinet wrote:
2) Logic error in ssh(1) ObscureKeystrokeTiming
I couldn't find anything on this one.
it seems CVE-2024-39894 got assigned to this now:
> OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks
against echo-off password entry (e.g., for su and Sudo) because of an
ObscureKeystrokeTiming logic error. Similarly, other timing attacks
against keystroke entry could occur.
>
> https://www.cve.org/CVERecord?id=CVE-2024-39894
Regards,
--
Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone AG, Neumarkt 12, 49074 Osnabrück, Germany
https://www.greenbone.net/
Company registry: Amtsgericht Osnabrück, HRB 218768
Board of directors: Dr. Jan-Oliver Wagner (CEO), Elmar Geese
Chairman of the Supervisory Board: Lukas Grunwald
