OpenSSH user enumeration — confirms valid usernames via timing differences, aiding credential stuffing attacks. Update OpenSSH to 7.8+. Implement rate limiting on SSH attempts and consider key-only authentication to eliminate password-based enumeration risk.
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →