Openssh · Openssh · CVE-2003-1562
**Name of the Vulnerable Software and Affected Versions**
OpenSSH versions 3.6.1p2 and earlier
**Description**
The issue allows remote attackers to potentially determine if the password step of a multi-step authentication is successful by using timing differences. This occurs when PermitRootLogin is disabled and PAM keyboard-interactive authentication is used.
**Recommendations**
For OpenSSH versions 3.6.1p2 and earlier, consider updating to a version that includes a fix for this issue, as the current version allows for potential timing attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.