You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
keystroke timing
About this tag
Keystroke timing refers to the measurable intervals between key presses during typing, which can be exploited to infer sensitive information such as passwords. On WindowsForum.com, discussions focus on the OpenSSH keystroke timing bug CVE-2024-39894, which affected OpenSSH versions 9.5 through 9.7. This vulnerability undermined keystroke obfuscation features designed to protect interactive SSH sessions, re-exposing timing information even during password prompts for su and sudo. The bug was fixed in OpenSSH 9.8, but administrators and security teams must assess risk, exploitation feasibility, and remediation steps for production systems. Topics include patching, mitigation strategies, and operational impacts for enterprise IT environments.
OpenSSH’s keystroke obfuscation feature, introduced to make interactive typing over SSH harder to observe, contained a logic error in versions 9.5 through 9.7 that undermined its protections and re-exposed limited keystroke timing information — including during echo-off password prompts such as...