
Cloud Vulnerability DB
A community-led vulnerabilities database
OpenSSH versions 9.5 through 9.7 (before 9.8) contain a logic error in the ObscureKeystrokeTiming feature that also affects the handling of echo-off password entry. The vulnerability was discovered by Philippos Giavridis and independently by researchers from the University of Cambridge Computer Lab (Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford). The issue was disclosed on July 1, 2024, and fixed in OpenSSH 9.8 (OpenSSH Release).
The vulnerability stems from a logic error in the ssh(1) ObscureKeystrokeTiming feature: both fake and real keystroke packets were sent unconditionally. This rendered the feature ineffective, because a passive observer could still detect which network packets contained real keystrokes. The issue also broke a long-standing timing attack mitigation in which sshd(8) sends fake keystroke echo packets for traffic received on TTYs in echo-off mode. The feature operates at a granularity of 20 ms by default (OpenSSH Release, Cambridge Research).
A passive observer of an SSH session could detect when echo was off and obtain timing information about keystrokes, potentially leading to the disclosure of sensitive information such as passwords entered in su(8) or sudo(8). The vulnerability allows attackers to distinguish between real keystrokes and fake packets, making it possible to perform keystroke timing analysis (OpenSSH Release, NetApp Advisory).
The vulnerability is fixed in OpenSSH 9.8. Users should upgrade to this version or later to address the issue. For systems that cannot be immediately upgraded, the vulnerability does not affect connections when ObscureKeystrokeTiming is disabled or sessions where no TTY was requested (OpenSSH Release, FreeBSD Advisory).
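The conditions in the paragraph above can be applied to an inventory of clients as a triage check. This is an added example, not code from OpenSSH or from the advisories cited here; the function names, verdict strings and inventory rows are constructed, and the banner is assumed to be in the form printed by `ssh -V`.

```shell
#!/bin/sh
# Added example: triage ssh clients against the range and exemptions on this page.

# Pull "major.minor" out of an `ssh -V` style banner, including the
# "OpenSSH_for_Windows_9.5p1" form. Prints nothing if no version is found.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit 0 when the version is in the range this page lists: 9.5 through 9.7.
in_affected_range() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -eq 9 ] && [ "$minor" -ge 5 ] && [ "$minor" -le 7 ]
}

# triage BANNER OKT TTY
#   OKT: the ObscureKeystrokeTiming setting (yes, no, or interval:N)
#   TTY: "yes" if the session requests a TTY, otherwise "no"
triage() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo "unknown version"; return 0; fi
    if ! in_affected_range "$v"; then
        echo "not affected ($v outside 9.5-9.7)"; return 0
    fi
    case "$2" in
        [Nn][Oo]) echo "not affected (ObscureKeystrokeTiming disabled)"; return 0 ;;
    esac
    if [ "$3" = "no" ]; then echo "not affected (no TTY requested)"; return 0; fi
    echo "affected ($v): upgrade to 9.8 or later"
}

# Constructed inventory rows: host|banner|ObscureKeystrokeTiming|tty
while IFS='|' read -r host banner okt tty; do
    printf '%-10s %s\n' "$host" "$(triage "$banner" "$okt" "$tty")"
done <<'EOF'
laptop-a|OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13 30 Jan 2024|yes|yes
laptop-b|OpenSSH_9.7p1, OpenSSL 3.2.1 30 Jan 2024|no|yes
batch-c|OpenSSH_9.5p1, LibreSSL 3.3.6|interval:20|no
win-d|OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2|yes|yes
server-e|OpenSSH_9.8p1, OpenSSL 3.3.1 4 Jun 2024|yes|yes
EOF
```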
The security community has actively discussed this vulnerability, particularly noting its implications for SSH session privacy. The discovery has led to increased attention to keystroke timing attacks and their mitigations in secure shell implementations. The vulnerability has been acknowledged and patched by various vendors including NetApp and FreeBSD (HN Discussion).
Source: This report was generated using AI