Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-39894

July 2, 2024, 6:15 p.m.

Tags

cve@mitre.org
2024-07-02
CVE-2024-39894

Product(s) Impacted

OpenSSH

  • 9.5
  • 9.6
  • 9.7

Description

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

Weaknesses

Date

Published: July 2, 2024, 6:15 p.m.

Last Modified: July 2, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://lists.mindrot.org/ cve@mitre.org
https://www.openssh.com/ cve@mitre.org
https://www.openwall.com/ cve@mitre.org