CVE-2026-48859
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh allows unauthenticated remote username enumeration via timing side-channel in password authentication. The timing difference in responses for valid and invalid usernames enables an attacker to distinguish them in a single authentication attempt.
Risk Assessment
The organization may be exposed to attacks that allow unauthorized users to identify valid usernames, potentially leading to further intrusion attempts.
Recommendation
It is recommended to avoid using the user_passwords and password options in SSH configuration and to switch to the pwdfun alternative, which is not affected by this vulnerability.
Original NVD description (English source)
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames. The user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability. This vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl. This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.

