CVE-2026-48859

SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration

Previous Page: « Back to all CVEs Next Page: See on OSV.dev »

Weakness Type (CWE)

CWE-208 — CWE-208 Observable Timing Discrepancy

CAPEC

• CAPEC-116 — CAPEC-116 Excavation

CVSS 4.0 Score

6.3

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability description

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.

When the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.

The user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.

This vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.

This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.

Affected

pkg:otp/ssh

Module	Source File	Routine
ssh_auth	src/ssh_auth.erl	ssh_auth:check_password/3
ssh_options	src/ssh_options.erl	ssh_options:get_password_option/2

Status	Type	Version	Changes / Fixed in
affected	otp ⓘ	6.0	< 6.0.1

pkg:github/erlang/otp

Module	Source File	Routine
ssh_auth	lib/ssh/src/ssh_auth.erl	ssh_auth:check_password/3
ssh_options	lib/ssh/src/ssh_options.erl	ssh_options:get_password_option/2

Status	Type	Version	Changes / Fixed in
affected	otp ⓘ	29.0	< 29.0.2
affected	git ⓘ	032d1bc949	< c342092ef4

Configurations

The SSH daemon must be configured with the user_passwords or password option for password authentication. Systems using the pwdfun option instead are not affected.

Workarounds

Use the pwdfun option instead of user_passwords for password authentication. The pwdfun callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity.

References

• https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 vendor-advisory related
• https://osv.dev/vulnerability/EEF-CVE-2026-48859 related
• https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf patch

Credits

• Finder: Zhang Delong
• Remediation developer: Jakub Witczak
• Remediation reviewer: Ingela Anderton Andin
• Remediation reviewer: Michał Wąsowski

CVE record as JSON:  GET /cves/CVE-2026-48859.json
OSV record as JSON:  GET /osv/EEF-CVE-2026-48859.json