You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 39894
About this tag
CVE-2024-39894 is a vulnerability in OpenSSH versions 9.5 through 9.7 that affects the keystroke obfuscation feature. A logic error in these versions undermines the intended protections, potentially exposing limited keystroke timing information, including during echo-off password prompts used by su and sudo. The issue was fixed in OpenSSH 9.8 and 9.8p1. On WindowsForum.com, discussions cover the practical risks, exploitation difficulty, and remediation steps for administrators and security teams managing affected systems.
OpenSSH’s keystroke obfuscation feature, introduced to make interactive typing over SSH harder to observe, contained a logic error in versions 9.5 through 9.7 that undermined its protections and re-exposed limited keystroke timing information — including during echo-off password prompts such as...