High severity · 7.5 · NVD Advisory · Published Jul 2, 2024 · Updated Apr 15, 2026
CVE-2024-39894
Description
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Patches
No patches discovered yet.
References
- seclists.org/fulldisclosure/2024/Sep/33 (nvd)
- www.openwall.com/lists/oss-security/2024/07/03/6 (nvd)
- www.openwall.com/lists/oss-security/2024/07/23/4 (nvd)
- www.openwall.com/lists/oss-security/2024/07/23/6 (nvd)
- www.openwall.com/lists/oss-security/2024/07/28/3 (nvd)
- crzphil.github.io/posts/ssh-obfuscation-bypass/ (nvd)
- lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html (nvd)
- news.ycombinator.com/item (nvd)
- security.netapp.com/advisory/ntap-20240712-0004/ (nvd)
- www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc (nvd)
- www.openssh.com/txt/release-9.8 (nvd)
- www.openwall.com/lists/oss-security/2024/07/02/1 (nvd)