PT-2006-5964 · Openssh · Openssh

Published: 2006-10-10 · Updated: 2018-10-17 · CVE-2006-5229

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSH portable version 4.1

Description

The issue allows remote attackers to determine valid usernames via timing discrepancies, where responses take longer for valid usernames than invalid ones. This is possibly dependent on the use of manually-set passwords that cause delays when processing /etc/shadow due to an increased number of rounds.

Recommendations

For OpenSSH portable version 4.1, consider configuring the system to use a different password authentication method to minimize the risk of exploitation. As a temporary workaround, restrict access to the sshtime demonstration tool until a more secure configuration is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2006-5229

Affected Products

Openssh