Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did not work as expected. A remote attacker could possibly use this issue to determine timing information about keystrokes.
{ "availability": "No subscription required", "binaries": [ { "openssh-client": "1:9.6p1-3ubuntu13.4", "ssh-askpass-gnome-dbgsym": "1:9.6p1-3ubuntu13.4", "openssh-tests": "1:9.6p1-3ubuntu13.4", "openssh-sftp-server-dbgsym": "1:9.6p1-3ubuntu13.4", "ssh-askpass-gnome": "1:9.6p1-3ubuntu13.4", "openssh-sftp-server": "1:9.6p1-3ubuntu13.4", "openssh-server": "1:9.6p1-3ubuntu13.4", "openssh-tests-dbgsym": "1:9.6p1-3ubuntu13.4", "openssh-server-dbgsym": "1:9.6p1-3ubuntu13.4", "ssh": "1:9.6p1-3ubuntu13.4", "openssh-client-dbgsym": "1:9.6p1-3ubuntu13.4" } ] }