FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- OpenSSH Keystroke Obfuscation Bypass

Affected packages
14.1 <= FreeBSD < 14.1_7
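An added example (not part of the VuXML entry or the FreeBSD advisory) that classifies a version string, as printed by `freebsd-version -u`, against the range listed above. It assumes the VuXML version `14.1_7` corresponds to `14.1-RELEASE-p7`; the function name and sample strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a FreeBSD userland version string with the range
# this entry lists (14.1 <= FreeBSD < 14.1_7).
# Assumption: VuXML "14.1_N" maps to "14.1-RELEASE-pN" as printed by
# freebsd-version(1). vuxml_range_check is a hypothetical helper name.
#
# On a host: vuxml_range_check "$(freebsd-version -u)"

vuxml_range_check() {
    ver=$1
    case $ver in
        14.1-RELEASE)
            patch=0 ;;                       # unpatched release counts as p0
        14.1-RELEASE-p*)
            patch=${ver#14.1-RELEASE-p} ;;   # keep only the patch level
        14.1-*)
            # BETA/RC/STABLE builds are not expressed by the listed range
            echo unknown; return 0 ;;
        *)
            # Other branches are outside the range of this entry; that is
            # not a statement about whether they have the bug
            echo out-of-range; return 0 ;;
    esac

    # Reject anything that is not a plain decimal patch level
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$patch" -lt 7 ]; then
        echo in-range        # matches 14.1 <= FreeBSD < 14.1_7
    else
        echo out-of-range    # 14.1_7 or later
    fi
}

# Constructed sample inputs, not taken from any real host
for sample in 14.1-RELEASE 14.1-RELEASE-p6 14.1-RELEASE-p7 14.1-STABLE; do
    printf '%s\t%s\n' "$sample" "$(vuxml_range_check "$sample")"
done
```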

Details

VuXML ID: 69e19c0b-debc-11ef-87ba-002590c1f29c
Discovery: 2025-01-29
Entry: 2025-01-30

Problem Description:

A logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default) rendered this feature ineffective.

Impact:

A passive observer could detect which network packets contain real keystrokes, and infer the specific characters being transmitted from packet timing.

References

CVE Name: CVE-2024-39894
FreeBSD Advisory: SA-25:01.openssh