{"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","modules":["ssh_auth","ssh_options"],"packageName":"ssh","packageURL":"pkg:otp/ssh?repository_url=https:%2F%2Fgithub.com%2Ferlang%2Fotp&vcs_url=git%20https:%2F%2Fgithub.com%2Ferlang%2Fotp.git","product":"OTP","programFiles":["src/ssh_auth.erl","src/ssh_options.erl"],"programRoutines":[{"name":"ssh_auth:check_password/3"},{"name":"ssh_options:get_password_option/2"}],"repo":"https://github.com/erlang/otp","vendor":"Erlang","versions":[{"lessThan":"6.0.1","status":"affected","version":"6.0","versionType":"otp"}]},{"collectionURL":"https://github.com","cpes":["cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","modules":["ssh_auth","ssh_options"],"packageName":"erlang/otp","packageURL":"pkg:github/erlang/otp","product":"OTP","programFiles":["lib/ssh/src/ssh_auth.erl","lib/ssh/src/ssh_options.erl"],"programRoutines":[{"name":"ssh_auth:check_password/3"},{"name":"ssh_options:get_password_option/2"}],"repo":"https://github.com/erlang/otp","vendor":"Erlang","versions":[{"lessThan":"29.0.2","status":"affected","version":"29.0","versionType":"otp"},{"lessThan":"c342092ef4b369bb409d5b71ac8fd83bab74aedf","status":"affected","version":"032d1bc9491a3975c68faf9bc7776115d6ae3005","versionType":"git"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The SSH daemon must be configured with the <tt>user_passwords</tt> or <tt>password</tt> option for password authentication. Systems using the <tt>pwdfun</tt> option instead are not affected."}],"value":"The SSH daemon must be configured with the user_passwords or password option for password authentication. Systems using the pwdfun option instead are not affected."}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"29.0.2","versionStartIncluding":"29.0","vulnerable":true}],"negate":false,"operator":"OR"}]}],"credits":[{"lang":"en","type":"finder","value":"Zhang Delong"},{"lang":"en","type":"remediation developer","value":"Jakub Witczak"},{"lang":"en","type":"remediation reviewer","value":"Ingela Anderton Andin"},{"lang":"en","type":"remediation reviewer","value":"Michał Wąsowski"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.</p><p>When the SSH daemon is configured with the <tt>user_passwords</tt> or <tt>password</tt> option, <tt>ssh_auth:check_password/3</tt> performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the <tt>ssh_options:get_password_option/2</tt> path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.</p><p>The <tt>user_passwords</tt> and <tt>password</tt> options are documented as intended for test purposes; the recommended alternative is <tt>pwdfun</tt>, which is not affected by this vulnerability.</p><p>This vulnerability is associated with program files <tt>lib/ssh/src/ssh_auth.erl</tt> and <tt>lib/ssh/src/ssh_options.erl</tt>.</p><p>This issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.</p>"}],"value":"Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\n\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\n\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\n\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1."}],"impacts":[{"capecId":"CAPEC-116","descriptions":[{"lang":"en","value":"CAPEC-116 Excavation"}]}],"metrics":[{"cvssV4_0":{"attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":6.3,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-208","description":"CWE-208 Observable Timing Discrepancy","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-10T14:38:17.058Z","orgId":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","shortName":"EEF"},"references":[{"tags":["vendor-advisory","related"],"url":"https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4"},{"tags":["related"],"url":"https://cna.erlef.org/cves/CVE-2026-48859.html"},{"tags":["related"],"url":"https://osv.dev/vulnerability/EEF-CVE-2026-48859"},{"tags":["x_version-scheme"],"url":"https://www.erlang.org/doc/system/versions.html#order-of-versions"},{"tags":["patch"],"url":"https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf"}],"source":{"discovery":"EXTERNAL"},"title":"SSH server timing side-channel in ssh_auth:check_password/3 allows unauthenticated username enumeration","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Use the <tt>pwdfun</tt> option instead of <tt>user_passwords</tt> for password authentication. The <tt>pwdfun</tt> callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."}],"value":"Use the pwdfun option instead of user_passwords for password authentication. The pwdfun callback gives full control over timing behavior and is not affected by this vulnerability. Implementations should take care to execute in approximately constant time regardless of username validity."},{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."}],"value":"Restrict SSH port access to trusted networks only via firewall rules, reducing the set of potential attackers who can perform timing measurements."}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","assignerShortName":"EEF","cveId":"CVE-2026-48859","datePublished":"2026-06-10T14:35:43.553Z","dateReserved":"2026-05-25T20:44:10.697Z","dateUpdated":"2026-06-10T14:38:17.058Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}