CVE-2026-48859 (GCVE-0-2026-48859)
Vulnerability from cvelistv5 – Published: 2026-06-10 14:35 – Updated: 2026-06-11 04:45
VLAI
Title
SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration
Summary
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.
When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.
The user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.
This vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.
This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/erlang/otp/security/advisories… | vendor-advisoryrelated |
| https://cna.erlef.org/cves/CVE-2026-48859.html | related |
| https://osv.dev/vulnerability/EEF-CVE-2026-48859 | related |
| https://www.erlang.org/doc/system/versions.html#o… | x_version-scheme |
| https://github.com/erlang/otp/commit/c342092ef4b3… | patch |
Impacted products
2 products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T16:19:16.914933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:19:43.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_auth",
"ssh_options"
],
"packageName": "ssh",
"packageURL": "pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git",
"product": "OTP",
"programFiles": [
"src/ssh_auth.erl",
"src/ssh_options.erl"
],
"programRoutines": [
{
"name": "ssh_auth:check_password/3"
},
{
"name": "ssh_options:get_password_option/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"lessThan": "6.0.1",
"status": "affected",
"version": "6.0",
"versionType": "otp"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"modules": [
"ssh_auth",
"ssh_options"
],
"packageName": "erlang/otp",
"packageURL": "pkg:github/erlang/otp",
"product": "OTP",
"programFiles": [
"lib/ssh/src/ssh_auth.erl",
"lib/ssh/src/ssh_options.erl"
],
"programRoutines": [
{
"name": "ssh_auth:check_password/3"
},
{
"name": "ssh_options:get_password_option/2"
}
],
"repo": "https://github.com/erlang/otp",
"vendor": "Erlang",
"versions": [
{
"lessThan": "29.0.2",
"status": "affected",
"version": "29.0",
"versionType": "otp"
},
{
"lessThan": "c342092ef4b369bb409d5b71ac8fd83bab74aedf",
"status": "affected",
"version": "032d1bc9491a3975c68faf9bc7776115d6ae3005",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SSH daemon must be configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option for password authentication. Systems using the \u003ctt\u003epwdfun\u003c/tt\u003e option instead are not affected."
}
],
"value": "The SSH daemon must be configured with the user_passwords or password option for password authentication. Systems using the pwdfun option instead are not affected."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "29.0.2",
"versionStartIncluding": "29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zhang Delong"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jakub Witczak"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Ingela Anderton Andin"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Micha\u0142 W\u0105sowski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\u003c/p\u003e\u003cp\u003eWhen the SSH daemon is configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option, \u003ctt\u003essh_auth:check_password/3\u003c/tt\u003e performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the \u003ctt\u003essh_options:get_password_option/2\u003c/tt\u003e path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\u003c/p\u003e\u003cp\u003eThe \u003ctt\u003euser_passwords\u003c/tt\u003e and \u003ctt\u003epassword\u003c/tt\u003e options are documented as intended for test purposes; the recommended alternative is \u003ctt\u003epwdfun\u003c/tt\u003e, which is not affected by this vulnerability.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_auth.erl\u003c/tt\u003e and \u003ctt\u003elib/ssh/src/ssh_options.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.\u003c/p\u003e"
}
],
"value": "Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\n\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\n\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\n\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T04:45:32.938Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-48859.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-48859"
},
{
"tags": [
"x_version-scheme"
],
"url": "https://www.erlang.org/doc/system/versions.html#order-of-versions"
},
{
"tags": [
"patch"
],
"url": "https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use the \u003ctt\u003epwdfun\u003c/tt\u003e option instead of \u003ctt\u003euser_passwords\u003c/tt\u003e for password authentication. The \u003ctt\u003epwdfun\u003c/tt\u003e callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."
}
],
"value": "Use the pwdfun option instead of user_passwords for password authentication. The pwdfun callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."
}
],
"value": "Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-48859",
"datePublished": "2026-06-10T14:35:43.553Z",
"dateReserved": "2026-05-25T20:44:10.697Z",
"dateUpdated": "2026-06-11T04:45:32.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-48859",
"date": "2026-06-13",
"epss": "0.00263",
"percentile": "0.5013"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48859\",\"sourceIdentifier\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"published\":\"2026-06-10T16:17:12.373\",\"lastModified\":\"2026-06-10T20:19:35.917\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\\n\\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\\n\\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\\n\\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\\n\\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-208\"}]}],\"references\":[{\"url\":\"https://cna.erlef.org/cves/CVE-2026-48859.html\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://osv.dev/vulnerability/EEF-CVE-2026-48859\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"},{\"url\":\"https://www.erlang.org/doc/system/versions.html#order-of-versions\",\"source\":\"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48859\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T16:19:16.914933Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-10T16:19:38.063Z\"}}], \"cna\": {\"title\": \"SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Zhang Delong\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Jakub Witczak\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Ingela Anderton Andin\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"Micha\\u0142 W\\u0105sowski\"}], \"impacts\": [{\"capecId\": \"CAPEC-116\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-116 Excavation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"ssh_auth\", \"ssh_options\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.0.1\", \"versionType\": \"otp\"}], \"packageURL\": \"pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp\u0026vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git\", \"packageName\": \"ssh\", \"programFiles\": [\"src/ssh_auth.erl\", \"src/ssh_options.erl\"], \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"ssh_auth:check_password/3\"}, {\"name\": \"ssh_options:get_password_option/2\"}]}, {\"cpes\": [\"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\"], \"repo\": \"https://github.com/erlang/otp\", \"vendor\": \"Erlang\", \"modules\": [\"ssh_auth\", \"ssh_options\"], \"product\": \"OTP\", \"versions\": [{\"status\": \"affected\", \"version\": \"29.0\", \"lessThan\": \"29.0.2\", \"versionType\": \"otp\"}, {\"status\": \"affected\", \"version\": \"032d1bc9491a3975c68faf9bc7776115d6ae3005\", \"lessThan\": \"c342092ef4b369bb409d5b71ac8fd83bab74aedf\", \"versionType\": \"git\"}], \"packageURL\": \"pkg:github/erlang/otp\", \"packageName\": \"erlang/otp\", \"programFiles\": [\"lib/ssh/src/ssh_auth.erl\", \"lib/ssh/src/ssh_options.erl\"], \"collectionURL\": \"https://github.com\", \"defaultStatus\": \"unknown\", \"programRoutines\": [{\"name\": \"ssh_auth:check_password/3\"}, {\"name\": \"ssh_options:get_password_option/2\"}]}], \"references\": [{\"url\": \"https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4\", \"tags\": [\"vendor-advisory\", \"related\"]}, {\"url\": \"https://cna.erlef.org/cves/CVE-2026-48859.html\", \"tags\": [\"related\"]}, {\"url\": \"https://osv.dev/vulnerability/EEF-CVE-2026-48859\", \"tags\": [\"related\"]}, {\"url\": \"https://www.erlang.org/doc/system/versions.html#order-of-versions\", \"tags\": [\"x_version-scheme\"]}, {\"url\": \"https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Use the pwdfun option instead of user_passwords for password authentication. The pwdfun callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use the \u003ctt\u003epwdfun\u003c/tt\u003e option instead of \u003ctt\u003euser_passwords\u003c/tt\u003e for password authentication. The \u003ctt\u003epwdfun\u003c/tt\u003e callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity.\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\\n\\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\\n\\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\\n\\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\\n\\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eObservable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\u003c/p\u003e\u003cp\u003eWhen the SSH daemon is configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option, \u003ctt\u003essh_auth:check_password/3\u003c/tt\u003e performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the \u003ctt\u003essh_options:get_password_option/2\u003c/tt\u003e path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\u003c/p\u003e\u003cp\u003eThe \u003ctt\u003euser_passwords\u003c/tt\u003e and \u003ctt\u003epassword\u003c/tt\u003e options are documented as intended for test purposes; the recommended alternative is \u003ctt\u003epwdfun\u003c/tt\u003e, which is not affected by this vulnerability.\u003c/p\u003e\u003cp\u003eThis vulnerability is associated with program files \u003ctt\u003elib/ssh/src/ssh_auth.erl\u003c/tt\u003e and \u003ctt\u003elib/ssh/src/ssh_options.erl\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-208\", \"description\": \"CWE-208 Observable Timing Discrepancy\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"The SSH daemon must be configured with the user_passwords or password option for password authentication. Systems using the pwdfun option instead are not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The SSH daemon must be configured with the \u003ctt\u003euser_passwords\u003c/tt\u003e or \u003ctt\u003epassword\u003c/tt\u003e option for password authentication. Systems using the \u003ctt\u003epwdfun\u003c/tt\u003e option instead are not affected.\", \"base64\": false}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:erlang:erlang\\\\/otp:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"29.0.2\", \"versionStartIncluding\": \"29.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"shortName\": \"EEF\", \"dateUpdated\": \"2026-06-11T04:45:32.938Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48859\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T04:45:32.938Z\", \"dateReserved\": \"2026-05-25T20:44:10.697Z\", \"assignerOrgId\": \"6b3ad84c-e1a6-4bf7-a703-f496b71e49db\", \"datePublished\": \"2026-06-10T14:35:43.553Z\", \"assignerShortName\": \"EEF\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…